Overview
Explore a comprehensive analysis of cryptographic API usability in this 21-minute IEEE conference talk. Delve into the findings of a controlled experiment involving 256 Python developers from GitHub, who tackled common symmetric and asymmetric cryptography tasks using five different APIs. Discover how API design impacts code security and functionality, and learn why simplicity alone is insufficient for creating effective cryptographic libraries. Examine the crucial roles of documentation, code examples, and auxiliary features in promoting secure development practices. Gain insights into the surprising compensatory effects of comprehensive documentation on complex APIs, and understand the concerning disconnect between developers' perceptions of code security and actual security outcomes. Uncover valuable recommendations for designing future cryptographic libraries that balance simplicity, functionality, and security.
Syllabus
Intro
Developers fail
Your best people fail
API design for usability
Python
Libraries
Study Tasks
Study Environment
Questionnaires
Results
Functionality Results
Security Results
Security
Summary
Taught by
IEEE Symposium on Security and Privacy