ThoughtWorks
Tags: Security, Experience design, Technology

Better security by design

Gillian "Gus" Andrews

Published: Nov 24, 2017

Human error is one of the toughest things to guard against when planning digital security. It’s the single biggest attack surface in digital systems. And yet, security and user-experience (UX) design are generally not considered in tandem — in fact, security and usability are sometimes seen as enemies. That needs to change.

The emergence of cross-functional development teams, in particular, demands that security and UX sit together. Neither design nor security should be an add-on or an afterthought to the development process.

The release of the 2017 Open Web Application Security Project (OWASP) Top 10 presents a good moment to consider how design and security can work together to reduce risk. OWASP formed as an independent, open community to raise awareness of web application security threats and help improve everyone's defenses. Its Top 10 is a list of the most critical web application security risks at the time of publication; the A1, A2 and similar labels used below are those of the 2017 edition.

When your organization addresses the security vulnerabilities identified by OWASP, it's a good moment to involve your designers and usability experts in the conversation, as well as your security experts. OWASP recommends finding "natural opportunities to gather security information and feed it back into your process." The same goes for design.

Not all of the OWASP recommendations have usability implications, but a few key ones do. Here are a few ways in which software development teams can involve designers when addressing security concerns, as well as things designers should know to help keep their users and their data safe.

A1 – Injection and A7 – Cross-Site Scripting (XSS)

Injection is when an attacker gains the ability to run commands through an otherwise innocent place to enter text, for example by typing a fragment of SQL or a shell command into a form field that the application then splices into a query or command. Cross-site scripting is a kind of injection aimed at the browser: user-entered content is displayed back on a page without being encoded, so script inside it runs in other users' sessions. OWASP rates both as easy to exploit, and they are common because software fails to keep untrusted data separate from the code, query or markup it is placed into.
 
Designers can minimize the risk of injection attacks through understanding how the entry fields they create can be misused.

Limiting the length and kind of text that can be entered into a field narrows what an attacker can send, and knowing which characters must be refused or escaped by your entry fields helps too. Treat this as defence in depth: the primary fix for injection is for developers to use parameterised queries and safe APIs so that user text is never interpreted as code, and field validation does not replace that.

To prevent XSS, consider what precautions need to be taken when rendering user input in the browser. Freeform fields such as comment fields, forums and search boxes, and anywhere user text is placed into HTML, JavaScript, a URL or a database query, deserve particular attention; each of those contexts needs its own encoding.
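The two failure modes above, side by side with their fixes, as an added example that is not part of the original article. The user table, the attack strings and the comment markup are constructed for the demonstration; the point is that the parameterised query and the output encoder, not the field restriction, are what stop the attack.

```python
# Added example (not from the original article): the same untrusted string
# handled unsafely and safely, for SQL injection (A1) and for XSS (A7).
import html
import re
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a real user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def find_user_vulnerable(conn, name):
    """A1: the field's content is spliced into the query text, so it can
    rewrite the query."""
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    """Primary defence: a parameterised query. The driver passes the value
    separately from the SQL, so it can never be parsed as SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


# Field-level restriction of the kind the article describes. Useful as
# defence in depth, but not a substitute for the parameterised query.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def validate_username(name):
    return USERNAME_RE.fullmatch(name) is not None


def render_comment_vulnerable(comment):
    """A7: user text pasted into HTML unchanged, so markup in it runs."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment):
    """Contextual output encoding for an HTML text node. Other contexts
    (attribute, URL, JavaScript string) need their own encoders."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print(find_user_vulnerable(db, payload))  # every row comes back
    print(find_user_safe(db, payload))        # no row: no user has that name
    print(validate_username(payload))         # False: rejected at the field
    script = "<script>alert(document.cookie)</script>"
    print(render_comment_vulnerable(script))  # script tag survives intact
    print(render_comment_safe(script))        # rendered as harmless text
```

Run it and compare the two query results: the vulnerable function returns the whole table for a name nobody has, while the safe one returns nothing. The validator would have refused that string too, but an attacker who finds one field without it still gets nowhere against the parameterised query.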

A2 – Broken authentication (which in the 2017 list also covers session management)

OWASP's #2 listed threat is user-centric — and not in a good way. Authentication, or ensuring that users are who they say they are, is a perennial security challenge. This is mostly because of the limits of the human brain. Password systems end up encouraging users to reuse, write down, or choose weak passwords, lest they forget them. Encryption keys are so long they're impossible for a human being to remember.

Because authentication rests so heavily on human factors, it’s important to include user experience designers in developing user flows for password creation and management, two-factor authentication, and login/logout. Designers can apply design heuristics to reduce user errors, ensure interfaces express clearly to users what the system is doing, and limit the burden on users' memory.

Designers should keep in mind that login and password management are not the pages on which to get innovative. Be familiar with well-tested best practices in authentication design. OWASP's cheat sheets cover authentication flows, supporting users in choosing passwords, password storage, and forgotten-password handling.

The Security, Privacy, and Abuse team at Google has also established a number of best practices which they’ve validated through A/B testing and other research; some can be found on their blog. And the CyLab Usable Privacy and Security (CUPS) group at Carnegie Mellon has produced a large body of research on how to support users in choosing passwords that are both usable and secure.

There are also features you can include in your authentication screens to support better security practices. Paste and drag-and-drop should be enabled on password fields so that users can enter passwords from their password managers; in practice, do not intercept paste events or disable autocomplete on those fields. Password managers let users keep unique, strong passwords that would otherwise be impossible for them to remember.

A3 – Sensitive data exposure

OWASP recommends that companies identify the data they store, transmit, and process that requires extra protection. Credit card numbers, passwords, personally identifiable information, and health records are among the categories that need special attention. Encrypting such data, or not storing it in the first place, can help protect users.

Advocates for user privacy and security suggest casting a broader protective net than that list when considering what is "sensitive." Location (including GPS coordinates and IP addresses), contact or friend network information and browsing history are other categories that need special consideration to protect users, particularly vulnerable ones. Under EU data protection law an IP address is treated as personal data, because it can be tied to an individual's online activity, so logging it needs a lawful basis and should be limited to what you actually need. Think about the risks before you log IP addresses in apps or metrics, and about how long you keep them.
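One concrete way to act on the IP-logging point, as an added example that is not part of the original article: scrub client addresses before log lines are stored, either by truncating them to a network prefix or by replacing them with a keyed pseudonym. The log lines, the prefix lengths and the key are constructed for the demonstration; a real deployment would keep the key in a secret store and rotate it.

```python
# Added example (not from the original article): scrubbing client IP
# addresses from application logs before they are stored or shipped.
import hashlib
import hmac
import ipaddress
import re

# Assumed: a per-deployment secret, rotated at least as often as the logs
# are retained, so pseudonyms from different periods cannot be joined.
PSEUDONYM_KEY = b"demo-key-replace-with-a-random-secret"

# Candidate IPv4 and IPv6 literals. Over-matches (e.g. the "12:30:45" in a
# timestamp) are rejected by ipaddress below and left untouched.
IP_RE = re.compile(
    r"(?:\d{1,3}\.){3}\d{1,3}|(?:[0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4}"
)


def truncate_ip(ip):
    """Coarsen to a network prefix (/24 for IPv4, /48 for IPv6): enough for
    geography and abuse trends, not enough to single out one household."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def pseudonymize_ip(ip, key=PSEUDONYM_KEY):
    """Keyed hash: the same client stays correlatable within one key period
    (needed for rate limiting and abuse investigation) but cannot be reversed
    without the key, and the link is lost once the key is destroyed."""
    packed = ipaddress.ip_address(ip).packed
    digest = hmac.new(key, packed, hashlib.sha256).hexdigest()
    return "ip-" + digest[:16]


def scrub_log_line(line, mode="pseudonym"):
    """Rewrite every IP literal in a log line; all other text is untouched."""
    transform = pseudonymize_ip if mode == "pseudonym" else truncate_ip

    def replace(match):
        try:
            return transform(match.group(0))
        except ValueError:  # looked like an address but is not one
            return match.group(0)

    return IP_RE.sub(replace, line)


# Constructed sample lines in a common access-log shape.
SAMPLE_LINES = [
    '2017-11-24T12:30:45Z 192.0.2.10 GET /account 200 "Mozilla/5.0"',
    '2017-11-24T12:30:46Z 2001:db8:abcd:1234::1 POST /login 401 "curl/7.55"',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(scrub_log_line(line, "truncate"))
        print(scrub_log_line(line, "pseudonym"))
```

Truncation is irreversible and simple to explain to users; the keyed pseudonym keeps per-client correlation for abuse handling while the key exists. Pick whichever the log's purpose actually requires, and prefer not logging the address at all where neither is needed.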

When considering user needs, you may want to make use of these open-source personas for privacy and security, which run through how best to protect sensitive data. Among the use cases in that deck are journalists, survivors of domestic abuse, and LGBTQ individuals. Consider:
  • Will anyone be seeking to physically harm users of my software? How can I help protect against that?
  • Am I safely designing for multi-user use cases? To what extent will threats to these users come from those who are closest to them, maybe even in their own households?
  • How might the data I collect have unexpected consequences? Consider, for example, the husband who worked out that his wife was pregnant from the elevated resting heart rate readings on her activity tracker.
  • How might the settings of my app have unexpected consequences? For example, someone locking down an IoT thermostat so their spouse cannot control it.
  • What are the possible risks of exposing who someone knows? What are the risks of exposing where they currently are?
  • What information would these users want to selectively protect or display about themselves, in which situations?

A5 – Broken access control

Broken access control allows users to access parts of a system they shouldn’t be able to—for example, an employee from outside of the human resources department being able to view employee records.

OWASP lists forced browsing to pages that were never meant to be reachable, including old, defunct ones, as a common route to this vulnerability. To get a clear picture of where inappropriate access might happen, involve UX staff to fully sketch out user flows related to access permissions, and get rid of pages which are no longer needed. Be sure to include edge cases and both happy and unhappy paths when you outline which screens users will and won't be able to access.

Designers should also be aware of the role of design patterns in limiting user access and use them when designing security-sensitive interfaces. For example, drop-down menus can be limited to display only the options a given user is allowed to use. Hiding an option is a usability measure, not a security one: the server must still refuse the request when someone sends it anyway, because anything the browser displays or submits can be altered by the person sitting at it.

Writing matters, too. An overly explicit error message when someone tries to access a page can give away details about authentication (for example, "Your username is your email address") and make it easier for attackers to target users of your system. If you're working on information architecture or SEO, think about weaknesses in your URL structure: for example, whether someone could change a sequential identifier in the URL, or otherwise guess their way into access they shouldn't have. Guessable references are only safe if every request is checked against the user's permissions on the server.
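The URL-guessing failure and its fix, as an added example that is not part of the original article. The records, the `User` type and the HR-versus-own-record policy are assumptions made for the demonstration; what it shows is a single policy function feeding both the server-side check and the menu builder, so the UI never offers what the server would refuse, and the server refuses regardless of what the UI offered.

```python
# Added example (not from the original article): trusting an identifier from
# the URL, beside an object-level authorisation check that the API handler
# and the menu builder share.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    department: str


# Constructed records standing in for an HR database, keyed by the id that
# would appear in a URL such as /records/101.
RECORDS = {
    101: {"employee_id": 1, "salary": 90000},
    102: {"employee_id": 2, "salary": 85000},
}


class Forbidden(Exception):
    pass


def get_record_vulnerable(record_id):
    """Trusts the id from the URL. Anyone who can count can read every
    record: /records/101, /records/102, ..."""
    return RECORDS[record_id]


def can_view_record(user, record):
    """The single policy function (assumed policy: HR sees everything,
    everyone else sees only their own record). One place, so UI and API agree."""
    return user.department == "hr" or user.id == record["employee_id"]


def get_record_safe(user, record_id):
    """Server-side enforcement on every request. A missing record and a
    forbidden one get the same answer, so the URL cannot be used to probe
    which ids exist."""
    record = RECORDS.get(record_id)
    if record is None or not can_view_record(user, record):
        raise Forbidden("record not available")
    return record


def visible_record_ids(user):
    """What the drop-down should list: derived from the same policy, so the
    UI never offers an option the server would refuse. Hiding it here is a
    usability measure; get_record_safe is the security measure."""
    return [rid for rid, rec in RECORDS.items() if can_view_record(user, rec)]


if __name__ == "__main__":
    engineer = User(id=1, department="eng")
    hr_staff = User(id=3, department="hr")
    print(get_record_vulnerable(102))        # engineer reads a colleague's pay
    print(get_record_safe(engineer, 101))    # own record: allowed
    print(visible_record_ids(engineer))      # [101]
    print(visible_record_ids(hr_staff))      # [101, 102]
    try:
        get_record_safe(engineer, 102)
    except Forbidden as exc:
        print("engineer -> 102:", exc)
```

The check would look the same with random, non-sequential identifiers; unguessable ids make enumeration slower but do not remove the need for `get_record_safe`.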

A6 – Security Misconfiguration

As with authentication, designers can help users make good decisions about security configuration. Many of these overlap with best-practice design heuristics. For example, providing users with good, safe defaults is important. This includes not shipping with easily guessable default passwords, a practice which has been a major source of security problems, particularly in IoT, where devices sharing one factory password have been taken over in bulk.
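What "safe defaults" looks like in a configuration, as an added example that is not part of the original article: a start-up audit that refuses the shipped-default settings the paragraph warns about, beside a provisioning routine that generates per-installation values instead. The setting names, the list of known default passwords and the sample configurations are assumptions for this example, not those of any real product.

```python
# Added example (not from the original article): a start-up audit that
# refuses shipped defaults, beside provisioning of safe per-install values.
# Setting names and the default-password list are assumptions for the demo.
import secrets

# Values commonly found in factory images and setup guides. A real list
# would be far larger; it is matched case-insensitively below.
KNOWN_DEFAULT_PASSWORDS = {"", "admin", "password", "123456", "changeme", "default"}
CLEARTEXT_SERVICES = {"telnet", "ftp", "http"}


def audit_config(cfg):
    """Return a list of findings; an empty list means the config may start."""
    findings = []
    if cfg.get("admin_password", "").lower() in KNOWN_DEFAULT_PASSWORDS:
        findings.append("admin_password is blank or a well-known default")
    if not cfg.get("force_password_change_on_first_login", False):
        findings.append("first login does not force a password change")
    if cfg.get("debug", False):
        findings.append("debug mode is on: stack traces and internals will be shown to users")
    for service in cfg.get("enabled_services", []):
        if service in CLEARTEXT_SERVICES:
            findings.append(f"unnecessary cleartext service enabled: {service}")
    return findings


def provision_defaults():
    """Safe defaults for a fresh installation: a random per-device password
    (printed on the label or shown once at setup), minimal services, no debug."""
    return {
        "admin_password": secrets.token_urlsafe(12),
        "force_password_change_on_first_login": True,
        "debug": False,
        "enabled_services": ["https"],
    }


# Constructed "factory image" settings of the kind that keep turning up in IoT.
SHIPPED_DEFAULTS = {
    "admin_password": "admin",
    "force_password_change_on_first_login": False,
    "debug": True,
    "enabled_services": ["https", "telnet"],
}

if __name__ == "__main__":
    for finding in audit_config(SHIPPED_DEFAULTS):
        print("FAIL:", finding)
    print("fresh install:", audit_config(provision_defaults()) or "no findings")
```

Running the audit at start-up, and refusing to serve traffic while it reports findings, turns the "safe default" from a guideline into something the product cannot ship without.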

Wording on error messages and warnings is also critical to ensuring that users understand what is going on. It can ensure users don't just dismiss a warning because it is too wordy or technical.

See, for example, the same Google team's work to make SSL certificate warnings understandable and harder to click through. Their A/B testing of how warnings were designed and worded led to a large decrease in the proportion of users who proceeded past the warning anyway, from 70% in 2013 down to 33% (Windows) and 17% (Android) in 2017. The EU has also published a study on effective ways to write warning messages.

OWASP notes that it may be useful to automate scanning for security misconfiguration or unused/unnecessary services. Designers and developers may want to work together to develop flows which periodically present options for users to update their security configurations and service permissions. Google, Facebook, and Twitter have all developed good examples of how to periodically encourage users to review and update their permissions, as well as their backup authentication credentials.

Dropped from the final list: Insufficient attack protection

Insufficient attack protection appeared in the 2017 release candidate but didn't make the final Top Ten; it is still a risk UX professionals should educate themselves about. Repeated failed attempts to access an application are an indicator that someone is trying to attack it, which is why many systems limit the number of login attempts a user is allowed. Learn the best practices for messaging securely around login attempts. As noted above, error messages should not tell attackers why their attempt failed, and a lockout message should not confirm that an account exists. Work with developers and security staff to ensure that user flows around login account for attacker patterns.
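The login behaviour that the A2 section and this one both describe, as an added example that is not part of the original article: one generic message whether the username is unknown, the password is wrong or the account is locked; the same amount of work in each case so timing gives nothing away; salted, slow password hashing; and a lockout after repeated failures. The iteration count, the lockout thresholds and the injectable clock are choices made for the demonstration.

```python
# Added example (not from the original article): a login check that gives
# the same answer for an unknown user, a wrong password and a locked account,
# costs the same time in each case, and throttles repeated failures.
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 100_000    # demo value; raise to what your hardware affords
MAX_FAILURES = 5
LOCKOUT_SECONDS = 15 * 60
GENERIC_ERROR = "Incorrect username or password."


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


class LoginService:
    def __init__(self, clock=time.monotonic):
        self._clock = clock            # injectable so the lockout is testable
        self._users = {}               # username -> (salt, digest)
        self._failures = {}            # username -> (count, last_failure_at)
        # A throwaway credential so an unknown username still costs one full
        # hash: no timing difference between "no such user" and "wrong password".
        self._decoy = hash_password(os.urandom(16).hex())

    def register(self, username, password):
        self._users[username] = hash_password(password)

    def login(self, username, password):
        """Returns (success, message). The message never says which part failed."""
        now = self._clock()
        count, last = self._failures.get(username, (0, 0.0))
        if count >= MAX_FAILURES and now - last < LOCKOUT_SECONDS:
            return False, GENERIC_ERROR   # locked out; still the generic message

        salt, expected = self._users.get(username, self._decoy)
        _, actual = hash_password(password, salt)
        if hmac.compare_digest(expected, actual) and username in self._users:
            self._failures.pop(username, None)
            return True, "ok"

        count = count + 1 if now - last < LOCKOUT_SECONDS else 1
        self._failures[username] = (count, now)
        return False, GENERIC_ERROR


if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "correct horse battery staple")
    print(svc.login("alice", "correct horse battery staple"))
    print(svc.login("alice", "wrong"))
    print(svc.login("nobody", "wrong"))   # indistinguishable from the line above
```

Account lockout has a usability and availability cost of its own: an attacker who knows a username can lock its owner out on purpose. Combine it with per-source throttling or a growing delay between attempts, and alert on bursts of failures rather than silently absorbing them, so that the designers' login flow and the defenders' monitoring are looking at the same signal.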

Include UX professionals in security conversations, too

Interestingly, OWASP itself recommends a series of design reviews to check the security of systems but doesn’t suggest that designers be included in that process. Given that interfaces and user flows may need to change to support better security, experience designers should certainly be included in any security reviews touching these elements.

User testing, as well as design review, is critical to ensure interfaces, instructions, and other messages aren’t confusing or frightening to users. Including UX personnel and end users in your security reviews will ensure that the recommendations from security reviews are implemented in ways that don’t frustrate users, cause them to stop using the tool, or make bad security decisions in spite of developers' best efforts.
© 2021 ThoughtWorks, Inc.