This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Consumer Best Practices

Jump to: navigation, search

OWASP Consumer Top Ten Safe Web Habits

Safe practices for consumers on the web

How can you stay safe on the Internet? Surprisingly much the same you do in the real world. In this list, targeted for technical and less-technically minded users (Hi dad!), general habits are covered, as well as some specific steps you can take to increase your security and privacy and decrease your risk online.


Today, more and more of our personal lives are spent connected to the Internet. We spend a significant amount of time checking email, looking at social media, logging into our financial accounts, shopping, and more. These activities expose our private lives to the internet where potential predators are stalking. Our personal computers are often connected to the internet 24/7 via high-speed data lines, wireless connections extend the boundaries of our houses, and now our home appliances are even exposed to the Internet through web interfaces.

We use these systems because it makes life easier. Where we once had to go to a bank to make financial transactions, they can all be done from the comfort of our home. We used to program our VCRs manually to record our favorite shows. Now we can simply open an application remotely and configure our TV or DVR to automatically record programs whenever we want. The internet has provided so many more conveniences to our lives but they don’t come without risks.

These new technologies can also make life easier for the bad guys. Instead of breaking into your house, reading through your trash, or spying on you through an open window, tech-savvy bad guys can effectively invade your privacy, steal from you, and generally make your life miserable from anywhere in the world. We often think that the danger is somehow different because it is computer based and not face-to-face; however, this is simply not true. How do we protect ourselves from tech-savvy intruders? How do we protect our privacy and the privacy of our loved ones?

Guiding principles used to keep us safe in the physical world can also guide us in the computer world. We may not be aware of how computer attacks occur but we can look at “physical world” habits, which we apply without thinking because they’re habits, and see how they apply to computers.

This document will cover ten habits we can use on our computers and provide recommendations to safeguard against common attacks. Each habit will provide a recommendation for all users and some recommendations for more experienced users. While the recommendations are specific ways the habits can be exercised, the habit themselves should remain valid, even when the computing landscape changes.

The Habits

H1. Protect your secrets
H2. Guard your privacy
H3. Use security software and services
H4. Secure your environment
H5. Perform routine maintenance
H6. Think twice before trusting
H7. Plan for the worst
H8. Clean up your devices and accounts
H9. Avoid unnecessary risks
H10. Be vigilant and on alert

Documents (Presentations, PDFs, etc.)

PDF File of the Online Content

Presentation Slide Deck

PDF File of the Presentation Slide Deck

Authors and primary editors

Todd Benson - [email protected]

Martin Stemplinger - [email protected]

Andrew van der Stock - [email protected]

Pax Whitmore - [email protected]

David Holmes - [email protected]

Anthony.Lee - [email protected]