Meta Refresh 2013

The design and engineering of user interface on the web

Akash Mahajan

@makash

HOW TO tell if you're designing an insecure site

Submitted Jan 28, 2013

Q&A

Attend this How To session and you will gain a fundamental understanding of these and more.

  • Why does a secure password reset feature on a website work the way it does?
  • Why is it important for a browser to notify when you are going to a https website?
  • What does the phrase “Secure By Design” mean?

BONUS (Only if time permits)

  • Why an Aadhaar card will not ensure that your personal information is safely stored in a government database? In other words biometric authentication doesn’t mean data can’t be stolen and misused.
  • Why favicons are instruments of evil?

45 Minutes of Standup without any buzzwords

Maybe you attended a deep, profound session on existential design and how to nodejs the f*@# out of your existing responsive cloud meta architecture but I promise to keep my talk buzzword free and regale you with some classical humour from the 20th century.

Outline

Using the format Yahoo started and Quora completely hijacked, I’ll answer 3 basic questions about the internet, covering security, design and how things go bump on the internet.

MetaRefresh is an interesting conference. Among all the hasgeek conferences this is the one where you see an overlap between the left-brained and the right-brained. On one hand you meet amazing designers who are creating art and on the other you have front-end engineers who run routes and scripts around all of us.

My session is about the place where these two meet. The session is about why frontend engineers need to understand and embrace the simplicity of the protocol they are building upon. Designers need to get that the intrinsic value of the world wide web is when non-technical folks (like my parents) are able to buy tickets, shop for stuff, play games on FB without worrying about their money getting stolen, malware eating their photos and losing their cat pictures.

Requirements

Do’s

  • An open mind
  • Sense of humour
  • Laugh on cue
  • Give feedback
  • Ask a lot of questions

Don’ts

  • Take any notes
  • Sit back quietly
  • Not share your opinions

Speaker bio

I used to freelance as a Web Application Security Consultant. Now I run my Application Security Company with special focus on Web and Mobile.

I help companies become secure by helping them understand approaches to security for the platform, security best practices and most importantly spreading the message that being secure is much cheaper than being insecure.

Among other things I am the co-founder+Community Manager for “null - The Open Security Community” and OWASP Bangalore.

Website | @makash | Linkedin | Slideshare

Links

Slides

http://www.slideshare.net/akashm/how-to-tell-if-your-designing-an-insecure
