This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Consumer Best Practices"
From OWASP
(Created page with "= Potential OWASP Consumer Top Ten = Safe practices for consumers on the web. == Weak password handling == - MFA - Password Manager - Strong Passwords - Password Synchroniza...") |
Line 4: | Line 4: | ||
== Weak password handling == | == Weak password handling == | ||
− | + | * MFA | |
− | + | * Password Manager | |
− | + | * Strong Passwords | |
− | + | * Password Synchronization | |
− | + | * Security questions | |
==Information Disclosure/Sensitive Data Exposure== | ==Information Disclosure/Sensitive Data Exposure== | ||
− | + | * Social Media | |
− | + | * Pictures | |
− | + | * Giving information away | |
==Trusting Untrusted Sources (**This should be renamed**)== | ==Trusting Untrusted Sources (**This should be renamed**)== | ||
− | + | * Untrusted Sources | |
− | + | * WiFi | |
− | + | * Use antivirus | |
==Lack of Proper Encryption in Transit== | ==Lack of Proper Encryption in Transit== | ||
− | + | * Do Not Ignore SSL Warnings | |
− | + | * Use Encryption | |
==Lack of Proper Encryption at Rest== | ==Lack of Proper Encryption at Rest== | ||
− | + | * Encrypt PII | |
− | + | * Don't store sensitive information unencrypted | |
==Using Components with Known Vulnerabilities== | ==Using Components with Known Vulnerabilities== | ||
− | + | * Patch | |
− | + | * Configure application settings for security |
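Review bot: the heading "Trusting Untrusted Sources (**This should be renamed**)" still carries an editorial to-do inside the section title, and the double asterisks are not MediaWiki bold markup, so they will render literally. Settle on a title, or move the rename note to the talk page or an HTML comment. Heading spacing is also inconsistent: "== Weak password handling ==" has spaces inside the equals signs while the other five headings do not, so pick one form. Under "Lack of Proper Encryption at Rest", the bullets "Encrypt PII" and "Don't store sensitive information unencrypted" overlap and could be merged or differentiated.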
Revision as of 17:36, 10 June 2016
Potential OWASP Consumer Top Ten
Safe practices for consumers on the web.
Weak password handling
- MFA
- Password Manager
- Strong Passwords
- Password Synchronization
- Security questions
Information Disclosure/Sensitive Data Exposure
- Social Media
- Pictures
- Giving information away
Trusting Untrusted Sources (**This should be renamed**)
- Untrusted Sources
- WiFi
- Use antivirus
Lack of Proper Encryption in Transit
- Do Not Ignore SSL Warnings
- Use Encryption
Lack of Proper Encryption at Rest
- Encrypt PII
- Don't store sensitive information unencrypted
Using Components with Known Vulnerabilities
- Patch
- Configure application settings for security