HOW TO tell if you're designing an insecure site
Submitted by Akash Mahajan (@makash) on Monday, 28 January 2013
Attend this How To session and you will gain a fundamental understanding of these questions and more.
- Why does a secure password reset feature on a website work the way it does?
- Why is it important for a browser to notify you when you are going to an https website?
- What does the phrase "Secure By Design" mean?
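The proposal poses the password-reset question but does not spell out the answer. As an added illustration (not the speaker's code and not part of the original page), the following Python sketch shows the shape of a reset flow that is generally considered secure, with the reason for each step in the comments: an unguessable token from the OS random source, only a hash of it stored server-side, a short lifetime, single use, and a response that does not reveal whether the address is registered. The class name, the in-memory dictionaries standing in for a database and a mailer, and the 15-minute lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime: a leaked or forwarded link goes stale quickly


class PasswordResetService:
    """Hypothetical reset flow. Dicts stand in for a database and a mail queue."""

    def __init__(self, clock=time.time):
        self.users = {}    # email -> (salt, password hash)
        self.pending = {}  # sha256(token) -> (email, expiry timestamp)
        self.outbox = []   # (email, raw token) pairs the mailer would deliver
        self.clock = clock  # injectable so expiry can be tested without sleeping

    @staticmethod
    def _hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def set_password(self, email, password):
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, self._hash_password(password, salt))

    def verify_password(self, email, password):
        if email not in self.users:
            return False
        salt, stored = self.users[email]
        return hmac.compare_digest(stored, self._hash_password(password, salt))

    def request_reset(self, email):
        # Same message whether or not the address exists, so the form cannot be used
        # to enumerate accounts.
        if email in self.users:
            token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG: not guessable
            digest = hashlib.sha256(token.encode()).hexdigest()
            # Only the hash is stored: a database leak does not hand out usable reset links.
            self.pending[digest] = (email, self.clock() + TOKEN_TTL_SECONDS)
            self.outbox.append((email, token))  # the raw token exists only in the mail
        return "If that address is registered, a reset link has been sent."

    def complete_reset(self, token, new_password):
        # Hashing before lookup means the comparison never touches the raw secret,
        # so lookup timing reveals nothing an attacker can use.
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop: the token is single use either way
        if entry is None:
            return False
        email, expiry = entry
        if self.clock() > expiry:
            return False  # expired tokens are rejected and discarded
        self.set_password(email, new_password)
        return True


if __name__ == "__main__":
    svc = PasswordResetService()
    svc.set_password("alice@example.com", "old-password")  # constructed sample account
    print(svc.request_reset("alice@example.com"))
    _, token = svc.outbox[0]
    print("reset ok:", svc.complete_reset(token, "new-password"))
    print("replay ok:", svc.complete_reset(token, "again"))  # False: already used
```

Each of the properties in the comments answers part of the "why it works the way it does" question: the link is long and random so it cannot be guessed, it is hashed at rest so a stolen database cannot be turned into account takeovers, it expires so an old inbox is not a permanent back door, it is burned on first use so a replayed link fails, and the request form gives the same answer for every address so it cannot double as a user directory.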
BONUS (Only if time permits)
- Why an Aadhaar card will not ensure that your personal information is safely stored in a government database? In other words, biometric authentication does not mean that data can't be stolen and misused.
- Why favicons are instruments of evil?
45 Minutes of Standup without any buzzwords
Maybe you attended a deep, profound session on existential design and how to nodejs the f*@# out of your existing responsive cloud meta architecture but I promise to keep my talk buzzword free and regale you with some classical humour from the 20th century.
Using the format Yahoo started and Quora completely hijacked, I'll answer 3 basic questions about the internet, covering security, design and how things go bump on the internet.
MetaRefresh is an interesting conference. Among all the HasGeek conferences, this is the one where you see an overlap between the left-brained and the right-brained. On one hand you meet amazing designers who are creating art, and on the other you have front-end engineers who run routes and scripts around all of us.
My session is about the place where these two meet. The session is about why front-end engineers need to understand and embrace the simplicity of the protocol they are building upon. Designers need to get that the intrinsic value of the world wide web is when non-technical folks (like my parents) are able to buy tickets, shop for stuff and play games on FB without worrying about their money getting stolen, malware eating their photos, or losing their cat pictures.
- An open mind
- Sense of humour
- Laugh on cue
- Give feedback
- Ask a lot of questions
- Take any notes
- Sit back quietly
- Not share your opinions
I used to freelance as a Web Application Security Consultant. Now I run my own application security company with a special focus on web and mobile.
I help companies become secure by helping them understand approaches to security for their platform and security best practices and, most importantly, by spreading the message that being secure is much cheaper than being insecure.
Among other things, I am the co-founder and Community Manager of "null - The Open Security Community" and OWASP Bangalore.