Security Notifications: How to design messages that convince website owners to fix hacks and misconfigurations on their websites

  • Contact: Anne Hennig
  • Funding: Engineering Secure Systems (ESS), Helmholtz-Gemeinschaft
  • Partner: Prof. Dr. Peter Mayer
  • Start date: 01.10.2024
  • End date: 31.09.2026

Public-facing websites are under constant threat from a diverse set of attacks. Some of these attacks are obvious because they render the website inaccessible or visibly altered (DoS, defacing, etc.), while others try to remain undetected and represent persistent threats (stealth attacks, malicious redirects, etc.). Threats of the latter kind can go unnoticed, in particular if the owner of an attacked website is not a large company with proper monitoring in place. Small and medium-sized businesses (SMEs) especially underestimate the prevalence of these attacks.

Therefore, this project aims to investigate ways to improve the effectiveness of security notifications, covering both hacks and misconfigurations. The research plan follows three steps, organized in dedicated work packages. The ultimate goal is to map out the design space of effective security notifications. We envision this design space being used by practitioners and researchers alike.