This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Consumer Best Practices"

From OWASP
Jump to: navigation, search
(Potential OWASP Consumer Top Ten)
m (Updated email address)
 
(33 intermediate revisions by 3 users not shown)
Line 1: Line 1:
= Potential OWASP Consumer Top Ten =
 
  
Safe practices for consumers on the web.
+
'''OWASP Consumer Top Ten Safe Web Habits'''
  
TODO:
+
''Safe practices for consumers on the web''
*Needs a proper order
 
*Approve format
 
*When this is done, we will have a great security awareness doc for home users
 
  
== Weak Password Handling ==
+
How can you stay safe on the Internet? Surprisingly much the same you do in the real world. In this list, targeted for technical and less-technically minded users (Hi dad!), general habits are covered, as well as some specific steps you can take to increase your security and privacy and decrease your risk online.  
'''Description:'''
 
Passwords are the most common way in which application and services allow us to authenticate ourselves. We authenticate by providing something known only to us to the system, therefore proving we are who we have identified ourselves as....
 
  
'''Threats:'''
+
= Introduction =
Easy to guess passwords allow...
 
  
'''Impact:'''
+
Today, more and more of our personal lives are spent connected to the Internet. We spend a significant amount of time checking email, looking at social media, logging into our financial accounts, shopping, and more. These activities expose our private lives to the internet where potential predators are stalking. Our personal computers are often connected to the internet 24/7 via high-speed data lines, wireless connections extend the boundaries of our houses, and now our home appliances are even exposed to the Internet through web interfaces.  
Weak password handling can result...
 
  
'''Recommendations:'''
+
We use these systems because it makes life easier. Where we once had to go to a bank to make financial transactions, they can all be done from the comfort of our home. We used to program our VCRs manually to record our favorite shows. Now we can simply open an application remotely and configure our TV or DVR to automatically record programs whenever we want. The internet has provided so many more conveniences to our lives but they don’t come without risks.
* Use Multi-factor Authentication, especially on important accounts
 
* Use a Password Manager
 
* Use Strong Passwords
 
* Avoid using the same password across different accounts
 
* Do not answer security questions with easily identifiable or enumerable answers
 
* Do not allow browsers to store passwords
 
* Do not share your passwords
 
  
==Information Disclosure/Sensitive Data Exposure==
+
These new technologies can also make life easier for the bad guys. Instead of breaking into your house, reading through your trash, or spying on you through an open window, tech-savvy bad guys can effectively invade your privacy, steal from you, and generally make your life miserable from anywhere in the world. We often think that the danger is somehow different because it is computer based and not face-to-face; however, this is simply not true. How do we protect ourselves from tech-savvy intruders? How do we protect our privacy and the privacy of our loved ones?
* Social Media
 
* Pictures
 
* Giving information away
 
  
==Trusting Untrusted Sources==
+
Guiding principles used to keep us safe in the physical world can also guide us in the computer world. We may not be aware of how computer attacks occur but we can look at “physical world” habits, which we apply without thinking because they’re habits, and see how they apply to computers.
* Untrusted Sources
 
* Untrusted WiFi, computers, or email
 
* Downloading files from untrusted sources
 
* Clicking on links from unknown or unverified sources
 
* Review credit reports
 
* Review unknown uses of online accounts
 
* Subscribe to a credit monitoring service
 
* Freeze credit
 
  
==Lack of Proper Encryption in Transit==
+
This document will cover ten habits we can use on our computers and provide recommendations to safeguard against common attacks. Each habit will provide a recommendation for all users and some recommendations for more experienced users. While the recommendations are specific ways the habits can be exercised, the habit themselves should remain valid, even when the computing landscape changes.
* Do not ignore SSL warnings
 
* Use Encryption
 
  
==Lack of Proper Encryption at Rest==
+
=The Habits=
* Encrypt PII
+
[[H1. Protect your secrets]]
* Don't store sensitive information unencrypted
+
[[H2. Guard your privacy]]
* Includes physical info - do not write down password, shred sensitive documents, protect your SSN, etc.
+
[[H3. Use security software and services]]
 +
[[H4. Secure your environment]]
 +
[[H5. Perform routine maintenance]]
 +
[[H6. Think twice before trusting]]
 +
[[H7. Plan for the worst]]
 +
[[H8. Clean up your devices and accounts]]
 +
[[H9. Avoid unnecessary risks]]
 +
[[H10. Be vigilant and on alert]]
  
==Using Components with Known Vulnerabilities==
+
= Documents (Presentations, PDFs, etc.) =
* Patch
+
[[:File:OWASP_Consumer_Top_Ten_Safe_Web_Habits.pdf |PDF File of the Online Content]]
  
==Lack of Secure Configuration==
+
[[:File:OWASP_Consumer_Top_10_Safe_Habits.pptx |Presentation Slide Deck]]
* Configure application settings for security
 
* Do not configure devices to automatically connect to wifi access points
 
  
==Running Unnecessary Software or Services==
+
[[:File:OWASP Consumer Top 10 Safe Habits PDF.pdf |PDF File of the Presentation Slide Deck]]
* Do not install unneeded software
 
* Remove software not in use
 
* Do not enable services you don't use
 
  
==Poor Physical Security==
+
=Authors and primary editors=
* Encrypt devices and drives
 
* Do not leave mobile devices unattended
 
* Use an inactivity lockout
 
* Password protect all devices
 
  
==Lack of Proper Defense==
+
Todd Benson - [email protected]
* Use Personal Firewalls
+
 
* Properly Secure Wireless Access Points
+
Martin Stemplinger - [email protected]
* Use Intrusion Detection Services
+
 
* Use anti-virus
+
Andrew van der Stock - [email protected]
* Backup important data
+
 
* Learn to recognize threats?
+
Pax Whitmore - [email protected]
 +
 
 +
David Holmes - [email protected]
 +
 
 +
Anthony.Lee - [email protected]

Latest revision as of 18:17, 23 May 2019

OWASP Consumer Top Ten Safe Web Habits

Safe practices for consumers on the web

How can you stay safe on the Internet? Surprisingly much the same you do in the real world. In this list, targeted for technical and less-technically minded users (Hi dad!), general habits are covered, as well as some specific steps you can take to increase your security and privacy and decrease your risk online.

Introduction

Today, more and more of our personal lives are spent connected to the Internet. We spend a significant amount of time checking email, looking at social media, logging into our financial accounts, shopping, and more. These activities expose our private lives to the internet where potential predators are stalking. Our personal computers are often connected to the internet 24/7 via high-speed data lines, wireless connections extend the boundaries of our houses, and now our home appliances are even exposed to the Internet through web interfaces.

We use these systems because it makes life easier. Where we once had to go to a bank to make financial transactions, they can all be done from the comfort of our home. We used to program our VCRs manually to record our favorite shows. Now we can simply open an application remotely and configure our TV or DVR to automatically record programs whenever we want. The internet has provided so many more conveniences to our lives but they don’t come without risks.

These new technologies can also make life easier for the bad guys. Instead of breaking into your house, reading through your trash, or spying on you through an open window, tech-savvy bad guys can effectively invade your privacy, steal from you, and generally make your life miserable from anywhere in the world. We often think that the danger is somehow different because it is computer based and not face-to-face; however, this is simply not true. How do we protect ourselves from tech-savvy intruders? How do we protect our privacy and the privacy of our loved ones?

Guiding principles used to keep us safe in the physical world can also guide us in the computer world. We may not be aware of how computer attacks occur but we can look at “physical world” habits, which we apply without thinking because they’re habits, and see how they apply to computers.

This document will cover ten habits we can use on our computers and provide recommendations to safeguard against common attacks. Each habit will provide a recommendation for all users and some recommendations for more experienced users. While the recommendations are specific ways the habits can be exercised, the habit themselves should remain valid, even when the computing landscape changes.

The Habits

H1. Protect your secrets
H2. Guard your privacy
H3. Use security software and services
H4. Secure your environment
H5. Perform routine maintenance
H6. Think twice before trusting
H7. Plan for the worst
H8. Clean up your devices and accounts
H9. Avoid unnecessary risks
H10. Be vigilant and on alert

Documents (Presentations, PDFs, etc.)

PDF File of the Online Content

Presentation Slide Deck

PDF File of the Presentation Slide Deck

Authors and primary editors

Todd Benson - [email protected]

Martin Stemplinger - [email protected]

Andrew van der Stock - [email protected]

Pax Whitmore - [email protected]

David Holmes - [email protected]

Anthony.Lee - [email protected]