This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Top 10 Privacy Risks Project
The OWASP Top 10 Privacy Risks Project aims to develop a top 10 list for privacy risks in web applications because currently there is no such catalog available. The list will cover technological and organizational aspects like missing data encryption or the lack of transparency.
Introduction
Discussions about how to protect privacy and personal data are ongoing and are mostly driven by lawyers and legal experts. But there is no specific description of privacy risks for web applications that companies can apply during development and that users can use to check whether their privacy is well protected. There are helpful concepts like Privacy by Design, but no detailed description of the real-life risks that cause incidents and privacy breaches in practice. This project will close this gap and create a Top 10 list of technical and organizational privacy risks in web applications, together with possible countermeasures. Beyond that, we want to raise the awareness of software developers and management for privacy risks during the SDLC and the usage of the data, bring visibility to the right issues, and create a community of people who give practical input for the further development of this project.
Description
A detailed description will be provided shortly.
Licensing
The OWASP Top 10 Privacy Risks Project is free to use. It is licensed under the GNU GPL v3 License.
- Why is this project only about web applications and not about any kind of software?
- Web applications often collect data from users without their permission or without informing them about the usage of their data. Trackers and cookies deliberately enable the monitoring of users' behaviour in order to sell their data. Besides that, the information brought up in this project could be used for any other kind of software.
- What is the difference between this project and the OWASP Top 10?
- There are two main differences. First, the OWASP Top 10 describes technical risks that do not primarily affect privacy. Second, the OWASP Top 10 considers neither intended parts of the software like cookies or trackers nor organisational issues like privacy agreements or profiling.
Volunteers
The Top 10 Privacy Risk list is developed by a team of volunteers. The primary contributors to date have been:
- Florian Stahl
- Stefan Burgmair
As of February 2014, the priorities are:
- Collection of interested participants (building a team) - Q1/2014.
- Draft ideas for top 10-20 privacy risks - Q2/2014.
- Prioritize/rate and improve the list of Top 10 Privacy Risks until end of 2014 (Version 1.0).
- Ongoing improvement / re-rating.
Involvement in the development and promotion of the project is actively encouraged! You do not have to be a security or privacy expert in order to contribute. Some of the ways you can help:
- Answer the questionnaire for identifying and rating the Top 10 privacy list (will be provided soon)
- Tell your colleagues and friends about the project
- Provide feedback and input (feel free to contact us)