Difference between revisions of "Consumer Best Practices"
Line 9: | Line 9: | ||
* Password Synchronization | * Password Synchronization | ||
* Security questions | * Security questions | ||
+ | * Don't allow browsers to store passwords | ||
==Information Disclosure/Sensitive Data Exposure== | ==Information Disclosure/Sensitive Data Exposure== | ||
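Review bot: the new bullet "Don't allow browsers to store passwords" sits two lines below "Password Manager" without saying how the two relate, and most browsers now ship a built-in password manager, so a reader can take the two bullets as contradicting each other. Suggest qualifying it, e.g. "Prefer a dedicated password manager over the browser's built-in password store", so the section gives one consistent recommendation.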
Line 18: | Line 19: | ||
* Untrusted Sources | * Untrusted Sources | ||
* WiFi | * WiFi | ||
− | * | + | * Downloading files from untrusted sources |
+ | * Clicking on links from unknown or unverified sources | ||
==Lack of Proper Encryption in Transit== | ==Lack of Proper Encryption in Transit== | ||
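Review bot: the two added bullets overlap with the unchanged "Untrusted Sources" bullet directly above them, which now reads as an empty placeholder next to the more specific "Downloading files from untrusted sources" and "Clicking on links from unknown or unverified sources". Suggest either dropping the generic bullet or turning it into a lead sentence that the two new items elaborate.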
Line 31: | Line 33: | ||
* Patch | * Patch | ||
* Configure application settings for security | * Configure application settings for security | ||
+ | * Do not configure devices to automatically connect to wifi access points | ||
+ | |||
+ | ==Running Unnecessary Software or Services== | ||
+ | * Don't install unneeded software | ||
+ | * Remove software not in use | ||
+ | * Do not enable services you don't use | ||
+ | |||
+ | ==Physical Security== | ||
+ | * Encrypt devices and drives | ||
+ | * Do not leave mobile devices unattended | ||
+ | * USe an inactivity lockout | ||
+ | * Password protect all devices | ||
+ | |||
+ | ==Review reputation scoring services (Needs to be renamed to a vulnerability)== | ||
+ | - Review credit reports | ||
+ | - Review unknown uses of online accounts | ||
+ | - Subscribe to a credit monitoring service | ||
+ | - Freeze credit |
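Review bot: the first added bullet, "Do not configure devices to automatically connect to wifi access points", is filed alongside "Patch" and "Configure application settings for security" (the components-with-known-vulnerabilities list), but it is a network-trust control that belongs with the existing "WiFi" bullet under Trusting Untrusted Sources; suggest moving it there and spelling "WiFi" consistently with that bullet. Two smaller points in the same hunk: "USe an inactivity lockout" has a capitalization typo, and the final section switches from "*" to "-" bullets, which MediaWiki renders as plain text rather than a list.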
Revision as of 04:35, 14 June 2016
- 1 Potential OWASP Consumer Top Ten
- 1.1 Weak password handling
- 1.2 Information Disclosure/Sensitive Data Exposure
- 1.3 Trusting Untrusted Sources (**This should be renamed**)
- 1.4 Lack of Proper Encryption in Transit
- 1.5 Lack of Proper Encryption at Rest
- 1.6 Using Components with Known Vulnerabilities
- 1.7 Running Unnecessary Software or Services
- 1.8 Physical Security
- 1.9 Review reputation scoring services (Needs to be renamed to a vulnerability)
Potential OWASP Consumer Top Ten
Safe practices for consumers on the web.
Weak password handling
- MFA
- Password Manager
- Strong Passwords
- Password Synchronization
- Security questions
- Don't allow browsers to store passwords
Information Disclosure/Sensitive Data Exposure
- Social Media
- Pictures
- Giving information away
Trusting Untrusted Sources (**This should be renamed**)
- Untrusted Sources
- WiFi
- Downloading files from untrusted sources
- Clicking on links from unknown or unverified sources
Lack of Proper Encryption in Transit
- Do Not Ignore SSL Warnings
- Use Encryption
Lack of Proper Encryption at Rest
- Encrypt PII
- Don't store sensitive information unencrypted
Using Components with Known Vulnerabilities
- Patch
- Configure application settings for security
- Do not configure devices to automatically connect to WiFi access points
Running Unnecessary Software or Services
- Don't install unneeded software
- Remove software not in use
- Do not enable services you don't use
Physical Security
- Encrypt devices and drives
- Do not leave mobile devices unattended
- Use an inactivity lockout
- Password protect all devices
Review reputation scoring services (Needs to be renamed to a vulnerability)
- Review credit reports
- Review unknown uses of online accounts
- Subscribe to a credit monitoring service
- Freeze credit