
Difference between revisions of "OWASP Top 10 Privacy Risks Project"

Line 13: Line 13:
 
==Introduction==
 
==Introduction==
  
Discussions about how to protect privacy and personal data are ongoing and mostly pushed by lawyers and legal experts. But there is no specific description of privacy risks for web applications that companies can apply during development and for users to check whether their privacy is protected well. There are helpful concepts like Privacy by Design, but no detailed description of real life risks causing incidents and privacy breaches in practice. This project will mitigate this gap and create a Top 10 list with technical and organizational privacy risks in web applications and possible counter-measures.
+
Discussions about how to protect privacy and personal data are ongoing and mostly pushed by lawyers and legal experts. But there is no specific description of privacy risks for web applications that companies can apply during development and for users to check whether their privacy is protected well. There are helpful concepts like Privacy by Design, but no detailed description of real life risks causing incidents and privacy breaches in practice. This project will mitigate this gap and create a Top 10 list with technical and organizational privacy risks in web applications and possible counter-measures. Beyond that, we want to raise the awareness of software developers and the management for privacy risks during the SDLC, bring visibility to the right issues and create a community of people that gives practical input for further developement of this project.
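Review bot: the sentence appended to the Introduction paragraph misspells "development" as "developement" in "further developement of this project". In the same sentence, "raise the awareness of software developers and the management for privacy risks" would read more cleanly as "raise awareness of privacy risks among software developers and management".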
  
  

Revision as of 12:31, 20 February 2014


OWASP Top 10 Privacy Risks Project

OWASP Top 10 Privacy Risks Project aims to develop a top 10 list for privacy risks in web applications because currently there is no such catalog available. The list will cover technological and organizational aspects like missing data encryption or the lack of transparency.


Introduction

Discussions about how to protect privacy and personal data are ongoing and mostly driven by lawyers and legal experts. But there is no specific description of privacy risks for web applications that companies can apply during development and that users can use to check whether their privacy is well protected. There are helpful concepts like Privacy by Design, but no detailed description of the real-life risks that cause incidents and privacy breaches in practice. This project will close this gap and create a Top 10 list of technical and organizational privacy risks in web applications and possible countermeasures. Beyond that, we want to raise awareness of privacy risks during the SDLC among software developers and management, bring visibility to the right issues and create a community of people that gives practical input for further development of this project.


Description

A detailed description will be provided shortly.


Licensing

OWASP Top 10 Privacy Risks Project is free to use. It is licensed under the GNU GPL v3 License.


What is the Top 10 Privacy Risks Project?

Description in a nutshell


Contact us


Project Leader

Florian Stahl


Related Projects


Quick Download

  • Link to page/download


News and Events

  • [20 Feb 2014] Project Start


External Links

OECD Privacy Guidelines



Volunteers

The Top 10 Privacy Risk list is developed by a team of volunteers. The primary contributors to date have been:

  • Florian Stahl
  • Stefan Burgmair

Partners

As of February 2014, the priorities are:

  • Collection of interested participants (building a team) - Q1/2014.
  • Draft ideas for top 10-20 privacy risks - Q2/2014.
  • Prioritize/rate and improve the list of Top 10 Privacy Risks until end of 2014 (Version 1.0).
  • Ongoing improvement / re-rating.

Involvement in the development and promotion of the project is actively encouraged! You do not have to be a security or privacy expert in order to contribute. Some of the ways you can help:

  • Answer the questionnaire for identifying and rating the Top 10 privacy list (will be provided soon)
  • Tell your colleagues and friends about the project
  • Provide feedback and input (feel free to contact us)


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Top 10 Privacy Risks Project (home page)
Purpose: The OWASP Top 10 Privacy Risks Project provides a top 10 list for privacy risks in web applications and related countermeasures. It covers technological and organizational aspects that focus on real-life risks, not just legal issues. The Project provides tips on how to implement privacy by design in web applications with the aim of helping developers and web application providers to better understand and improve privacy. The list uses the OECD Privacy Guidelines as a framework and can also be used to assess privacy risks associated with specific web applications.
License: Creative Commons Attribution Share Alike 3.0
who is working on this project?
Project Leader(s):
  • Florian Stahl
  • Stefan Burgmair
how can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Florian Stahl to contribute to this project
  • Contact Florian Stahl to review or sponsor this project
current release
Top 10 Privacy Risks v1 - September 2014 (risk list / final, v1.0) & June 2015 (countermeasures / alpha) - (no download available)
Release description: N/A
Rating: Projects/OWASP Top 10 Privacy Risks Project/GPC/Assessment/Top 10 Privacy Risks v1
last reviewed release
Not Yet Reviewed


other releases