Hello All,
My name is Prithvi Bisht and I will present the paper titled “Analyzing Websites for User-Visible Security Design Flaws” on Wednesday, 4 March.
The main question asked in this paper is “Do legitimate websites assist in making secure decisions?”
a. What design-level flaws exist that facilitate attacks like phishing and social engineering?
b. How can these flaws be removed?
This paper presents a survey of financial websites for security-relevant flaws and recommends several remedies. In the class, we will take an in-depth look at the design flaws, perform security and usability analysis of the recommendations, and discuss issues/solutions for designing secure web applications.
Note: An equally important question, “Do users make secure decisions?”, is covered in prior works like the following:
[1] Why Phishing Works – R. Dhamija et al., SIGCHI 2006
[2] The emperor’s new security indicators: An evaluation of website authentication and the effect of role playing on usability studies – S. Schechter et al., IEEE S&P 2007