
OWASP Top 10 Privacy Risks Project


The project in a nutshell

The OWASP Top 10 Privacy Risks Project provides a top 10 list for privacy risks in web applications and related countermeasures. It covers technological and organizational aspects that focus on real-life risks, not just legal issues. The Project provides tips on how to implement privacy by design in web applications with the aim of helping developers and web application providers to better understand and improve privacy. The list uses the OECD Privacy Guidelines as a framework and can also be used to assess privacy risks associated with specific web applications.

Top 10 Privacy Risks

P1   Web Application Vulnerabilities
P2   Operator-sided Data Leakage
P3   Insufficient Data Breach Response
P4   Insufficient Deletion of Personal Data
P5   Non-transparent Policies, Terms and Conditions
P6   Collection of Data Not Required for the Primary Purpose
P7   Sharing of Data with Third Party
P8   Outdated Personal Data
P9   Missing or Insufficient Session Expiration
P10  Insecure Data Transfer

Further information is provided in the Top 10 Privacy Risks tab.

Contact us

Florian Stahl
Stefan Burgmair

Licensing

OWASP Top 10 Privacy Risks Project is free to use. It is licensed under the Creative Commons CC-BY-SA v3.0 License.


News

  • [Ongoing] Update of the OWASP Top 10 Privacy Risks
  • [8 April 2016] Countermeasures v1.0 published
  • [1 July 2015] German Translation available
  • [21 Sep 2014] Top 10 Privacy Risks v1.0 published
  • [20 Feb 2014] Project Start

External Links

OECD Privacy Guidelines
Internet Privacy Engineering Network - IPEN
Video from IPEN workshop at Berlin state parliament
Video from panel discussion at CPDP 2015 in Brussels
Video from presentation at AppSec EU 2015
Check your website with PRIVACYSCORE

Classifications

Mid-level project
Builders
Defenders
Licence: CC BY-SA
Project type: Documentation