This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Consumer Best Practices"
From OWASP
| Line 9: | Line 9: | ||
* Password Synchronization | * Password Synchronization | ||
* Security questions | * Security questions | ||
| + | * Don't allow browsers to store passwords | ||
==Information Disclosure/Sensitive Data Exposure== | ==Information Disclosure/Sensitive Data Exposure== | ||
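Review bot: the new bullet "Don't allow browsers to store passwords" lands directly under "Password Manager" in the same list with nothing to distinguish the two, so a reader is left to guess whether a browser's built-in password store counts as a password manager or not. State the concern the bullet is based on, or qualify it, e.g. "* Don't allow browsers to store passwords unless the browser's manager is the one you use and it is protected by a master password or OS login"; as written the two bullets read as contradicting each other.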
| Line 18: | Line 19: | ||
* Untrusted Sources | * Untrusted Sources | ||
* WiFi | * WiFi | ||
| − | * | + | * Downloading files from untrusted sources |
| + | * Clicking on links from unknown or unverified sources | ||
==Lack of Proper Encryption in Transit== | ==Lack of Proper Encryption in Transit== | ||
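Review bot: replacing the empty "*" bullet with two concrete actions is the right fix, but "* WiFi" is now the only bare noun left in this list and gives the reader no action; phrase it like the two new bullets (what not to do on a network you do not control), so the section reads uniformly.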
| Line 31: | Line 33: | ||
* Patch | * Patch | ||
* Configure application settings for security | * Configure application settings for security | ||
| + | * Do not configure devices to automatically connect to wifi access points | ||
| + | |||
| + | ==Running Unnecessary Software or Services== | ||
| + | * Don't install unneeded software | ||
| + | * Remove software not in use | ||
| + | * Do not enable services you don't use | ||
| + | |||
| + | ==Physical Security== | ||
| + | * Encrypt devices and drives | ||
| + | * Do not leave mobile devices unattended | ||
| + | * USe an inactivity lockout | ||
| + | * Password protect all devices | ||
| + | |||
| + | ==Review reputation scoring services (Needs to be renamed to a vulnerability)== | ||
| + | - Review credit reports | ||
| + | - Review unknown uses of online accounts | ||
| + | - Subscribe to a credit monitoring service | ||
| + | - Freeze credit | ||
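Review bot: "Do not configure devices to automatically connect to wifi access points" is added under "Using Components with Known Vulnerabilities", where it does not belong; it is about joining networks you do not control, so it should sit next to "* WiFi" under Trusting Untrusted Sources. Three smaller points in the same hunk: "USe an inactivity lockout" has a typo; the last section uses "- " bullets while every other section uses "* " (on MediaWiki "- " does not render as a list item); and, as the heading's own parenthetical admits, "Review reputation scoring services" names a control rather than a weakness, with "Freeze credit" being a response, so a title in the form of the other headings (for example "Lack of Account and Identity Monitoring") would fit the list.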
Revision as of 04:35, 14 June 2016
- 1 Potential OWASP Consumer Top Ten
- 1.1 Weak password handling
- 1.2 Information Disclosure/Sensitive Data Exposure
- 1.3 Trusting Untrusted Sources (**This should be renamed**)
- 1.4 Lack of Proper Encryption in Transit
- 1.5 Lack of Proper Encryption at Rest
- 1.6 Using Components with Known Vulnerabilities
- 1.7 Running Unnecessary Software or Services
- 1.8 Physical Security
- 1.9 Review reputation scoring services (Needs to be renamed to a vulnerability)
Potential OWASP Consumer Top Ten
Safe practices for consumers on the web.
Weak password handling
- MFA
- Password Manager
- Strong Passwords
- Password Synchronization
- Security questions
- Don't allow browsers to store passwords
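What the MFA, Password Manager and Strong Passwords bullets mean mechanically, as an added example that is not part of the original OWASP page: a password manager draws passwords from the OS random source and can quote their entropy, and the one-time codes an authenticator app produces are RFC 4226 HOTP over a time counter (RFC 6238 TOTP). Assumptions: a 94-character printable ASCII alphabet, and the RFC defaults (HMAC-SHA1, 30-second step, 6 digits); the helper names are this example's own.

```python
"""Added example (not from the OWASP page): random password generation with an
entropy estimate, and RFC 4226/6238 one-time codes with a verification window."""
import base64
import hashlib
import hmac
import math
import secrets
import struct
import time

# Assumption: the alphabet a password manager would draw from (94 printable ASCII chars).
ALPHABET = "".join(chr(c) for c in range(33, 127))


def generate_password(length=20, alphabet=ALPHABET):
    """Uniformly random password; secrets.choice reads the OS CSPRNG, not random()."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """RFC 4226: HMAC(secret, 8-byte big-endian counter), dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                       # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time=None, step=30, digits=6):
    """RFC 6238: HOTP with counter = floor(now / step)."""
    if unix_time is None:
        unix_time = time.time()
    return hotp(secret, int(unix_time // step), digits)


def verify_totp(secret, code, unix_time=None, step=30, window=1):
    """Accept the current step and +/- `window` steps (clock skew); constant-time compare."""
    if unix_time is None:
        unix_time = time.time()
    counter = int(unix_time // step)
    return any(
        hmac.compare_digest(hotp(secret, counter + delta, len(code)), code)
        for delta in range(-window, window + 1)
    )


def provisioning_secret(nbytes=20):
    """Fresh shared secret as an authenticator app expects it: base32 in an otpauth:// URI."""
    raw = secrets.token_bytes(nbytes)
    return base64.b32encode(raw).decode("ascii"), raw


if __name__ == "__main__":
    pw = generate_password()
    print(f"password: {pw}  (~{entropy_bits(len(pw), len(ALPHABET)):.0f} bits)")
    b32, raw = provisioning_secret()
    print(f"enrol secret: {b32}")
    now = time.time()
    code = totp(raw, now)
    print(f"code now: {code}  verifies: {verify_totp(raw, code, now)}")
```

The verifier side must accept neighbouring steps (the window) because the phone's clock and the server's differ, and must compare with `hmac.compare_digest`, not `==`; the client side only needs the shared secret and the time, which is why a TOTP code is a second factor but not phishing-resistant.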
Information Disclosure/Sensitive Data Exposure
- Social Media
- Pictures
- Giving information away
Trusting Untrusted Sources (**This should be renamed**)
- Untrusted Sources
- WiFi: treat public or unknown access points as hostile, and do not configure devices to automatically connect to wifi access points
- Downloading files from untrusted sources
- Clicking on links from unknown or unverified sources
Lack of Proper Encryption in Transit
- Do not click through TLS/SSL certificate warnings: a warning means the site could not be verified, so the traffic may be read or altered by whoever sits in between
- Use Encryption
Lack of Proper Encryption at Rest
- Encrypt PII
- Don't store sensitive information unencrypted
Using Components with Known Vulnerabilities
- Patch (keep the operating system, browsers, and applications up to date)
- Configure application settings for security
Running Unnecessary Software or Services
- Don't install unneeded software
- Remove software not in use
- Do not enable services you don't use
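A concrete check for the "Do not enable services you don't use" bullet, as an added example that is not part of the original OWASP page: parse the output of `ss -H -tlnp` (Linux) and list every TCP listener bound to something other than loopback, i.e. every service reachable from the network. The sample output is constructed for this example, and the column layout (State, Recv-Q, Send-Q, Local:Port, Peer:Port, Process) is assumed from how `ss` prints it; the function names are this example's own.

```python
"""Added example (not from the OWASP page): find network-exposed listening services
in `ss -H -tlnp` output so unused ones can be disabled or removed."""
import re
from dataclasses import dataclass

# Constructed sample of `ss -H -tlnp` output (assumed column order as ss prints it).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=933,fd=7))
LISTEN 0 50 0.0.0.0:445 0.0.0.0:* users:(("smbd",pid=1201,fd=37))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 511 [::1]:5432 [::]:* users:(("postgres",pid=1500,fd=6))
LISTEN 0 4096 *:8080 *:* users:(("java",pid=2210,fd=15))
"""

LOOPBACK = {"127.0.0.1", "::1"}
PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


@dataclass(frozen=True)
class Listener:
    process: str
    pid: int
    address: str
    port: int

    @property
    def exposed(self):
        """True when bound to a non-loopback address (wildcard, a NIC address, or *)."""
        return self.address not in LOOPBACK


def split_local(field):
    """'[::]:22' -> ('::', 22); '0.0.0.0:22' -> ('0.0.0.0', 22); '*:8080' -> ('*', 8080)."""
    host, _, port = field.rpartition(":")
    return host.strip("[]"), int(port)


def parse_ss(text):
    """One Listener per LISTEN line; process name/pid from the users:((...)) column."""
    listeners = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_local(fields[3])
        match = PROC_RE.search(fields[5]) if len(fields) > 5 else None
        proc, pid = (match.group(1), int(match.group(2))) if match else ("?", 0)
        listeners.append(Listener(proc, pid, host, port))
    return listeners


def exposed_services(text):
    """Network-reachable listeners, one entry per (process, port) across IPv4/IPv6."""
    seen, out = set(), []
    for listener in parse_ss(text):
        key = (listener.process, listener.port)
        if listener.exposed and key not in seen:
            seen.add(key)
            out.append(listener)
    return out


if __name__ == "__main__":
    # Real use: text = subprocess.run(["ss", "-H", "-tlnp"], capture_output=True, text=True).stdout
    for l in exposed_services(SAMPLE_SS_OUTPUT):
        print(f"{l.process:<10} pid={l.pid:<6} listening on {l.address}:{l.port}")
```

Anything the script lists that you do not recognise is a candidate to stop and disable (for instance SMB on 445 on a laptop that shares nothing); listeners on 127.0.0.1 or ::1 are only reachable from the machine itself, which is why the loopback ones are left out.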
Physical Security
- Encrypt devices and drives
- Do not leave mobile devices unattended
- Use an inactivity lockout
- Password protect all devices
Review reputation scoring services (Needs to be renamed to a vulnerability)
- Review credit reports
- Review unknown uses of online accounts
- Subscribe to a credit monitoring service
- Freeze credit