This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Consumer Best Practices"
From OWASP
| Line 40: | Line 40: | ||
* Do not enable services you don't use | * Do not enable services you don't use | ||
| − | ==Physical Security== | + | ==Poor Physical Security== |
* Encrypt devices and drives | * Encrypt devices and drives | ||
* Do not leave mobile devices unattended | * Do not leave mobile devices unattended | ||
| − | * | + | * Use an inactivity lockout |
* Password protect all devices | * Password protect all devices | ||
| − | ==Review reputation scoring services ( | + | ==Review reputation scoring services (Probably "Detection" for #2"== |
| − | + | * Review credit reports | |
| − | + | * Review unknown uses of online accounts | |
| − | + | * Subscribe to a credit monitoring service | |
| − | + | * Freeze credit | |
Revision as of 04:40, 14 June 2016
- 1 Potential OWASP Consumer Top Ten
- 1.1 Weak password handling
- 1.2 Information Disclosure/Sensitive Data Exposure
- 1.3 Trusting Untrusted Sources (**This should be renamed**)
- 1.4 Lack of Proper Encryption in Transit
- 1.5 Lack of Proper Encryption at Rest
- 1.6 Using Components with Known Vulnerabilities
- 1.7 Running Unnecessary Software or Services
- 1.8 Poor Physical Security
- 1.9 Review reputation scoring services (Probably "Detection" for #2"
Potential OWASP Consumer Top Ten
Safe practices for consumers on the web.
Weak password handling
- MFA
- Password Manager
- Strong Passwords
- Password Synchronization
- Security questions
- Don't allow browsers to store passwords
Information Disclosure/Sensitive Data Exposure
- Social Media
- Pictures
- Giving information away
Trusting Untrusted Sources (**This should be renamed**)
- Untrusted Sources
- WiFi
- Downloading files from untrusted sources
- Clicking on links from unknown or unverified sources
Lack of Proper Encryption in Transit
- Do Not Ignore SSL Warnings
- Use Encryption
Lack of Proper Encryption at Rest
- Encrypt PII
- Don't store sensitive information unencrypted
Using Components with Known Vulnerabilities
- Patch
- Configure application settings for security
- Do not configure devices to automatically connect to wifi access points
Running Unnecessary Software or Services
- Don't install unneeded software
- Remove software not in use
- Do not enable services you don't use
Poor Physical Security
- Encrypt devices and drives
- Do not leave mobile devices unattended
- Use an inactivity lockout
- Password protect all devices
Review reputation scoring services (Probably "Detection" for #2"
- Review credit reports
- Review unknown uses of online accounts
- Subscribe to a credit monitoring service
- Freeze credit
