论文信息 - No Web Site Left Behind : Are We Making Web Security Only for the Elite ?

No Web Site Left Behind : Are We Making Web Security Only for the Elite ?

The web is riddled with flaws that make it unsafe. Protection methods exist, but current web security solutions are often designed to be deployed by programmers and security experts. Unfortunately, programmers and web security experts are not always available: many sites are created by graphic designers with more artistic backgrounds, and others involve web applications installed by non-programmers who want a website to fit a targeted need. These non-expert page creators may find web security solutions confusing and difficult to implement because they assume significant technical expertise. While solutions designed for experts are valuable, solutions for non-experts are needed to make the web safer. Keywords-computer security; web security; web development; usable security

Anil Somayaji | Terri Oda

[1] Collin Jackson,et al. Robust defenses for cross-site request forgery , 2008, CCS.

[2] Helen J. Wang,et al. Subspace: secure cross-domain communication for web mashups , 2007, WWW '07.

[3] Cormac Herley,et al. So long, and no thanks for the externalities: the rational rejection of security advice by users , 2009, NSPW '09.

[4] Carsten Maple,et al. UK security breach investigations report: an analysis of data compromise cases , 2010 .

[5] M. Angela Sasse,et al. Users are not the enemy , 1999, CACM.

[6] Paul C. van Oorschot,et al. SOMA: mutual approval for included content in web pages , 2008, CCS.

[7] M. Merkow,et al. 2010 CWE/SANS Top 25 Most Dangerous Programming Errors , 2010 .

[8] Paul C. van Oorschot,et al. The developer is the enemy , 2009, NSPW '08.