Security-Centered Design: Exploring the Impact of Human Behavior

Chris Shiflett (Analog)
Security
Location: Ballroom A7
Average rating: 4.67 (6 ratings)

Security is more than filtering input and escaping output (FIEO), and it’s more than cross-site scripting (XSS) and cross-site request forgeries (CSRF). Security isn’t even always black and white. In order to create a more secure user experience, we need to understand how people think. Perception is as important as reality, and meeting user expectations is a fundamental of good security. In this multifarious talk, I’ll introduce some of what I have learned about cognitive psychology, exploring topics such as change blindness and ambient signifiers, and I’ll show some real-world examples that demonstrate the profound impact human behavior can have on security.

Chris Shiflett

Analog

Chris Shiflett is the Chief Technology Officer of OmniTI, where he leads the web application security practice and guides web development initiatives.

Chris is a thought leader in the PHP and web application security communities — a widely-read blogger at shiflett.org, a popular speaker at industry conferences worldwide, and the founder of the PHP Security Consortium.

His books include the critically-acclaimed Essential PHP Security (O’Reilly) and HTTP Developer’s Handbook (Sams). His writing has also appeared in a number of other popular books including Programming PHP (O’Reilly), PHP Cookbook (O’Reilly), and PHP in Action (Manning).

Comments on this page are now closed.

Comments

Burvil N/A
07/23/2009 11:42pm PDT

Very entertaining, a lot of good, applicable examples that make you think and really get the point across.

Chris Sontag
07/23/2009 5:01pm PDT

This was an excellent talk. The speaker is articulate, engaging and clearly intelligent. This was, BY FAR, one of the most interesting sessions of OSCON09.
