Abstract As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure.


Download 100.89 Kb.
NameAbstract As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure.
page1/9
A typeAbstract
  1   2   3   4   5   6   7   8   9


Blindsided by Security

The Reality of Web Security for the Visually Impaired
Britta Offergeld (Royal New Zealand Foundation of the Blind)

Laura Bell (Lateral Security)
Released for OWASP New Zealand Day - August 2012


Abstract


As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure. Even the least technical home users are becoming more confident in spotting suspicious behaviour online.
Unfortunately, for the visually impaired, it’s not that simple. In a world where visual clues are not enough and where additional technologies such as screen readers are business as usual – web security is a very different matter.
In this whitepaper, Lateral Security and The Royal New Zealand Foundation of the Blind examine the guidance and security best practice commonly in use for web applications today and how effective they are for those with visual impairments. In addition, a series of improvements and solutions are outlined.



Introduction


Web application security is a fast evolving area of information security. Internationally, security researchers are working to push the technologies employed for online commerce and communications in search of exploits and vulnerabilities. While some of these researchers do so in the hopes of helping to secure these services for these users, an increasing number are using these vulnerabilities for criminal or financial gain.
As fast as the technology evolves, our web application developers are expected to adapt. Constantly seeking new techniques and paradigms to address the security concerns of business. To complicate matters further, these advances in security need to be delivered in a way that not only makes users safe, but makes web applications intuitive and user friendly.

Finding the balance between security and usability is challenging in normal circumstance, but when designing with the blind or visually impaired in mind the decision we make as developers can render an innovative application unusable.

A good web application developer needs to not only keep up to date with the latest best practice in security, but also adapt their technical choices to suit an audience that includes those of us reliant on screen readers and adaptive technologies to operate online.

New Zealand is home to over eleven thousand blind or visually impaired internet users. People who are embracing technology to allow them to make use of the powerful communication and business opportunities offered online.

In this whitepaper we examine five elements of modern web application design, how they are commonly implemented and the consequences of these implementation choices for the visually impaired.

In addition, we will outline simple changes to these designs and implementations that would improve the usability and security for this demographic without compromising the overall appeal and usability of the site.

Assistive Technologies for the Blind


Whether an individual was born blind or whether their visual impairment is as a result of an illness or event later in life, the range of technologies and techniques employed to operate in an online environment are the same.

These technologies centre on products and devices that can interpret the information on the screen and present it in a more suitable format. Traditionally this is audio or braille presentation.

The primary difference between a visually impaired and sighted internet user concerns the use of input devices. Unlike the average internet user, a blind or visually impaired user relies on a keyboard, voice or physical gestures to interact with the display. Mouse usage within this group is very low and few technologies exist that can tolerate the tracking of co-ordinates on a screen to the level of precision required to assist with the use of a mouse.

This change in input device is one of the primary considerations overlooked by web application developers.

In addition to differences input devices, the use of screen reader technology to interpret the information displayed in the web browser can dramatically change the experience offered by a web application. Imagine an application that relied only on the parsing of its DOM and written content to appeal to the end user. An application unable to use font effects and graphics to draw the eye or focus the user’s attention presents a much greater challenge than most developers and designers anticipate.
  1   2   3   4   5   6   7   8   9

Share in:

Related:

Abstract As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure. iconFor over 14 years I have been a ux/ui designer, Web Designer and...

Abstract As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure. iconAbstract : Security on the Web continues to be a significant concern...

Abstract As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure. iconTemplate for Web Security Standard (tss-web)

Abstract As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure. iconFront End Web Development ● Web/Graphic Design

Abstract As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure. iconTechnology is used to create web application (resides at server side...

Abstract As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure. iconPL/sql application Frameworks for Custom Systems

Abstract As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure. iconAbstract: In the Web environment, end user privacy is one of the...

Abstract As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure. iconWeb Security Standard Template

Abstract As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure. iconAbstract this paper reviews the design and implementation of several...

Abstract As web developers we try to design systems that can protect as well as provide for our clients. As security consultants, we develop guidelines and frameworks that people can use to decide if a web application is trustworthy and secure. iconAgile web-crawler: design and implementation




forms and shapes


When copying material provide a link © 2017
contacts
filling-form.info
search