March 10-12, 2010
Montreal, Canada

Security-Centered Design

Security is more than filtering input and escaping output (FIEO). It's more than cross-site scripting (XSS) and cross-site request forgeries (CSRF). Security isn't even always black and white. In order to create a more secure user experience, we need to understand how people think. Perception can be as important as reality, and meeting user expectations is a fundamental of good security. In this multifarious talk, I'll introduce some of what I have learned about cognitive psychology, exploring topics such as change blindness and ambient signifiers, and I'll show some real-world examples that demonstrate the profound impact human behavior can have on security.


Chris Shiflett


Hi, I’m Chris Shiflett, a web developer from Brooklyn, NY, and a founding member of Analog, a web design and development co-operative. When inspiration strikes, I can be found scribbling on my blog at, or on Twitter as @shiflett. In 2007, I started PHP Advent, an Advent calendar for the PHP community. I have authored and co-authored a few books — most notably Essential PHP Security and HTTP Developer's Handbook — and have written articles for publications like Smashing Magazine.
