1
Undo
Votes
Human error is one of the toughest things to guard against when planning digital security. It’s the single biggest attack surface in digital systems. And yet, security and user-experience (UX) design are generally not considered in tandem — in fact, security and usability are sometimes seen as enemies. That needs to change.
The emergence of cross-functional development teams, in particular, demands security and UX should sit together. Neither design nor security should be add-ons or afterthoughts to the development process.
The release of the 2017 Open Web Application Security Project (OWASP) Top 10 presents a good moment to consider how design and security can work together to reduce risk. OWASP formed as an independent, open space to raise awareness about digital security threats and help improve everyone’s defenses. Their Top 10 is a list of the current most critical web application security risks.
When your organization addresses the security vulnerabilities identified by OWASP, it's a good moment to involve your designers and usability experts in the conversation, as well as your security experts. OWASP recommends finding "natural opportunities to gather security information and feed it back into your process." The same goes for design.
Not all of the OWASP recommendations have usability implications, but a few key ones do. Here are a few ways in which software development teams can involve designers when addressing security concerns, as well as things designers should know to help keep their users and their data safe.
Injection and A7 – Cross-Site Scripting (XSS)
Injection is when an attacker gains the ability to run commands on a site using an otherwise innocent place to enter text.
Broken authentication and session management
Authentication, or ensuring that users are who they say they are, is a perennial security challenge. This is mostly because of the limits of the human brain. Password systems end up encouraging users to reuse, write down, or choose weak passwords, lest they forget them. Encryption keys are so long they're impossible for a human being to remember.
Sensitive data exposure
Identify the data they store, transmit, and process that requires extra protection. Credit card numbers, passwords, personally identifiable information, and health records are among the categories that need special attention. Encrypting such data, or not storing it in the first place, can help protect users.
Broken access control
Broken access control allows users to access parts of a system they shouldn’t be able to.
Security Misconfiguration
As with authentication, designers can ensure users make the best decisions for security configuration. Many of these overlap with best-practices design heuristics. For example, providing users with good, safe defaults is important. This includes not shipping with easily guessable default passwords, a practice which has been a major source of security problems
Insufficient attack protection
Repeated attempts to access an application are an indicator that someone is trying to attack a system.
Include UX professionals in security conversations
Experience designers should certainly be included in any security reviews touching design reviews. User testing is critical to ensure interfaces, instructions, and other messages aren’t confusing or frightening to users.
The emergence of cross-functional development teams, in particular, demands security and UX should sit together. Neither design nor security should be add-ons or afterthoughts to the development process.
The release of the 2017 Open Web Application Security Project (OWASP) Top 10 presents a good moment to consider how design and security can work together to reduce risk. OWASP formed as an independent, open space to raise awareness about digital security threats and help improve everyone’s defenses. Their Top 10 is a list of the current most critical web application security risks.
When your organization addresses the security vulnerabilities identified by OWASP, it's a good moment to involve your designers and usability experts in the conversation, as well as your security experts. OWASP recommends finding "natural opportunities to gather security information and feed it back into your process." The same goes for design.
Not all of the OWASP recommendations have usability implications, but a few key ones do. Here are a few ways in which software development teams can involve designers when addressing security concerns, as well as things designers should know to help keep their users and their data safe.
Injection and A7 – Cross-Site Scripting (XSS)
Injection is when an attacker gains the ability to run commands on a site using an otherwise innocent place to enter text.
Broken authentication and session management
Authentication, or ensuring that users are who they say they are, is a perennial security challenge. This is mostly because of the limits of the human brain. Password systems end up encouraging users to reuse, write down, or choose weak passwords, lest they forget them. Encryption keys are so long they're impossible for a human being to remember.
Sensitive data exposure
Identify the data they store, transmit, and process that requires extra protection. Credit card numbers, passwords, personally identifiable information, and health records are among the categories that need special attention. Encrypting such data, or not storing it in the first place, can help protect users.
Broken access control
Broken access control allows users to access parts of a system they shouldn’t be able to.
Security Misconfiguration
As with authentication, designers can ensure users make the best decisions for security configuration. Many of these overlap with best-practices design heuristics. For example, providing users with good, safe defaults is important. This includes not shipping with easily guessable default passwords, a practice which has been a major source of security problems
Insufficient attack protection
Repeated attempts to access an application are an indicator that someone is trying to attack a system.
Include UX professionals in security conversations
Experience designers should certainly be included in any security reviews touching design reviews. User testing is critical to ensure interfaces, instructions, and other messages aren’t confusing or frightening to users.
0
Undo
Votes
I really like the content on this page. The details are really helpful to understand about security canon printer repair . The security details you are shared helped to collect some details regarding security. After reading this I know the number of things that are connected to security.
0
Undo
Votes
Geek Squad Tech Support group is accessible 24/7 across the globe. These experts are trained to resolve various tech issues. Call the experts at Geek Squad Tech Support for 24/7 help and avail best help on device repair.
0
Undo
Votes
Get the best technical help and guidance at Geek squad tech support number. Get in touch with extensively trained tech support team for all sort of queries and issues regarding your devices. You can contact https://geekstechs.org/geek-squad-tech-support/">Geek squad round the clock according to your convenience.
0
Undo
Votes
It is really great post and i really enjoy when i am reading this article. Thank you for sharing this great post with us. I am really happy to see this.
Saludpulso.com
Saludpulso.com
- Page :
- 1
There are no replies made for this post yet.
Be one of the first to reply to this post!
Be one of the first to reply to this post!