AppSec California 2015: Making SSL Warnings Work

View analytic

Making SSL Warnings Work

HTTPS is an important tool for protecting the privacy of online communication. However, SSL warnings are a weak point in this system. Often, the browser can't tell whether a certificate validation error is indicative of an attack or a simple server misconfiguration. The user is asked to decide what to do, even though s/he probably isn't equipped to make that decision. My team is trying to make SSL warnings more effective (and helpful) in Chrome. In this talk, I'll describe how we're trying to automatically identify and resolve common sources of false positive warnings. I'll also discuss how we redesigned SSL warnings to be more understandable by end users.

Speakers

Adrienne Porter Felt

Security and Privacy Researcher, Google

Adrienne Porter Felt is a software engineer on the Google Chrome security team. Her mission is to make it easy to stay safe on the web. Adrienne leads Chrome’s usable security efforts, including: making security warnings understandable, improving warning accuracy, and encouraging developers to use HTTPS correctly. Previously, she was a research scientist on Google’s security research team.

Tuesday January 27, 2015 4:15pm - 5:15pm
Annenberg Community Beach House: Track 3 415 Pacific Coast Hwy, Santa Monica, CA 90402

Presentation

AppSec California 2015

Adrienne Porter Felt

Attendees (16)

Recently Active Attendees

AppSec California 2015

Sign up or log in to save this to your schedule and see who's attending!

Adrienne Porter Felt

Attendees (16)

Recently Active Attendees