AppSec Europe 2018 has ended
                                                                                    ***Content is subject to change.***
Back To Schedule
Friday, July 6 • 11:00am - 11:45am
Usable Security for Developers: A Nightmare LIMITED

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Limited Capacity seats available

Abstract. The term "usable security" is on everyone's lips and there seems to be a general agreement that, first, security controls should not unnecessarily affect the usability and unfriendliness of systems. And,
second, that simple to use system should be preferred as they minimize the risk of handling errors that can be the root cause of security incidents such as data leakages.
But it also seems to be a general surprise (at least for security experts), why software developers always (still) make so many easy to avoid mistakes that lead to insecure software systems. In fact, many of the large security incidents of the last weeks/months/years are caused by "seemingly simple to fix" programming errors.
Bringing both observations together, it should be obvious that we need usable and developer-friendly security controls and programming frameworks that make it easy to build secure systems. Still, reality
looks different: many programming languages, APIs, and frameworks provide complex interfaces that are, actually, hard to use securely. In fact, they are miles away from providing usable security for developers.
In this talk, I will discuss examples of complex and "non-usable" security for developers such as APIs that, in fact, are (nearly) impossible to use securely or that require a understanding of security  topics that most security experts to not have (and, thus, that we  cannot expert from software developers).

avatar for Achim D. Brucker

Achim D. Brucker

The University of Sheffield
Dr. Achim D. Brucker (www.brucker.ch) is a Senior Lecturer and consultant at The University of Sheffield, UK where he heads the heads the Software Assurance & Security Research Team (logicalhacking.com). Until December 2015, he was a Research Expert (Architect), Security Testing Strategist... Read More →

Friday July 6, 2018 11:00am - 11:45am BST
St James- 4th Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE