Play all

Improving SSL warnings Adrienne Porter Felt Chrome security team

How can browsers stop crying wolf?

Traffic shaping

define, identify

How do we explain this to users?

Threat source: the attacker is on the network, not a malicious website

False positives: be more concerned about errors on well-regarded sites

Your connection is not private. Attackers might be trying to steal your information from www.irs.gov (for example, passwords, messages, or credit cards).

Clear instruction Attractive preferred choice Unattractive other choice

Opinionated design works where text fails

TODO LIST • Warn only when under attack • Users understand warnings e Users follow warning advice

Description:

Explore the challenges and solutions for improving SSL warnings in web browsers in this 52-minute conference talk from OWASP AppSec California 2015. Delve into Adrienne Porter Felt's insights as a Google Chrome security engineer on making HTTPS more effective and user-friendly. Learn about techniques for automatically identifying and resolving false positive warnings, redesigning SSL warnings for better user comprehension, and the importance of opinionated design in security interfaces. Discover strategies for traffic shaping, explaining threats to users, and creating clear, attractive security choices. Gain valuable knowledge on balancing security with usability to enhance online privacy protection and user experience in modern web browsers.

Making SSL Warnings Work - Improving Security and User Experience

OWASP Foundation

Add to list

#Information Security (InfoSec) #Cybersecurity #Web Security #Art & Design #Design & Creativity #User Experience #Programming #Web Development #Web Design #User Experience Design #User Interface Design #Threat Modeling #Computer Science #Information Technology #Traffic Shaping

0:00 / 0:00