
Difference between revisions of "Consumer Best Practices"

From OWASP
Line 30: Line 30:
 
* Don't store sensitive information unencrypted
 
* Don't store sensitive information unencrypted
  
==Using Components with Known Vulnerabilities==
+
==Using Components with Known Vulnerabilities (Should configuration and patching be 2 separate?)==
 
* Patch
 
* Patch
 
* Configure application settings for security
 
* Configure application settings for security
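Review bot: the editorial question added to the section heading in this hunk will render as part of the heading text; move it into a wiki comment (<!-- ... -->) or onto the talk page and keep the heading as "Using Components with Known Vulnerabilities". On the substance the split is warranted: "Patch" addresses known vulnerabilities in installed components, while "Configure application settings for security" is a misconfiguration item, and the application-side OWASP Top Ten already treats Security Misconfiguration and Using Components with Known Vulnerabilities as separate categories.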
Line 46: Line 46:
 
* Password protect all devices
 
* Password protect all devices
  
==Review reputation scoring services (Probably "Detection" for #2"==
+
==Review reputation scoring services (Probably "Detection" for #2)==
 
* Review credit reports
 
* Review credit reports
 
* Review unknown uses of online accounts
 
* Review unknown uses of online accounts
 
* Subscribe to a credit monitoring service
 
* Subscribe to a credit monitoring service
 
* Freeze credit
 
* Freeze credit

Revision as of 04:44, 14 June 2016

Potential OWASP Consumer Top Ten

Safe practices for consumers on the web.

Weak password handling

  • MFA
  • Password Manager
  • Strong Passwords
  • Password Synchronization
  • Security questions
  • Don't allow browsers to store passwords

Information Disclosure/Sensitive Data Exposure

  • Social Media
  • Pictures
  • Giving information away

Trusting Untrusted Sources (**This should be renamed**)

  • Untrusted Sources
  • WiFi
  • Downloading files from untrusted sources
  • Clicking on links from unknown or unverified sources

Lack of Proper Encryption in Transit

  • Do not ignore SSL/TLS certificate warnings
  • Use encrypted connections (HTTPS)

Lack of Proper Encryption at Rest

  • Encrypt PII
  • Don't store sensitive information unencrypted

Using Components with Known Vulnerabilities (Should configuration and patching be 2 separate?)

  • Patch
  • Configure application settings for security
  • Do not configure devices to automatically connect to wifi access points

Running Unnecessary Software or Services

  • Don't install unneeded software
  • Remove software not in use
  • Do not enable services you don't use

Poor Physical Security

  • Encrypt devices and drives
  • Do not leave mobile devices unattended
  • Use an inactivity lockout
  • Password protect all devices

Review reputation scoring services (Probably "Detection" for #2)

  • Review credit reports
  • Review unknown uses of online accounts
  • Subscribe to a credit monitoring service
  • Freeze credit