Secure Designs, UX Dragons, Vuln Dungeons - Jack Cable - ASW #328
29 April 2025 - 44 minsIn this live recording from BSidesSF we explore the factors that influence a secure design, talk about how to avoid the bite of UX dragons, and why designs should put classes of vulns into dungeons.
But we can't threat model a secure design forever and we can't oversimplify guidance for a design to be "more secure". Kalyani Pawar and Jack Cable join the discussion to provide advice on evaluating secure designs through examples of strong and weak designs we've seen over the years. We highlight the importance of designing systems to serve users and consider what it means to have a secure design with a poor UX. As we talk about the strategy and tactics of secure design, we share why framing t...
Series Episodes
Internal Audit Focal Points for 2026 as AI Impacts Conventional Cybersecurity - Tim Lietz - BSW #431
54 mins
21 January Finished
Carla the Ogre, extensions, Crashfix, Gemini, ChatGPT, Dark AI, MCP, Joshua Marpet - SWN #548
40 mins
20 January Finished
Lessons from MongoBleed, CWE Top 25, and Secure Coding Benchmarks - ASW #366
44 mins
20 January Finished
Making vulnerability management and incident response actually work. Also, the News! - Ryan Fried, Beck Norris, José Toledo - ESW #442
1 hour 43 mins
19 January Finished
Miss Cleo, Whisperpair, Fortisiem, REDVDS, Google, Spying, Rob Allen and More... - Rob Allen - SWN #547
39 mins
16 January Finished
