This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Consumer Best Practices
From OWASP
- 1 Potential OWASP Consumer Top Ten
- 1.1 Weak password handling
- 1.2 Information Disclosure/Sensitive Data Exposure
- 1.3 Trusting Untrusted Sources (**This should be renamed**)
- 1.4 Lack of Proper Encryption in Transit
- 1.5 Lack of Proper Encryption at Rest
- 1.6 Using Components with Known Vulnerabilities
- 1.7 Running Unnecessary Software or Services
- 1.8 Physical Security
- 1.9 Review reputation scoring services (Needs to be renamed to a vulnerability)
Potential OWASP Consumer Top Ten
Safe practices for consumers on the web.
Weak password handling
- MFA
- Password Manager
- Strong Passwords
- Password Synchronization
- Security questions
- Don't allow browsers to store passwords
Information Disclosure/Sensitive Data Exposure
- Social Media
- Pictures
- Giving information away
Trusting Untrusted Sources (**This should be renamed**)
- Untrusted Sources
- WiFi
- Downloading files from untrusted sources
- Clicking on links from unknown or unverified sources
Lack of Proper Encryption in Transit
- Do Not Ignore SSL Warnings
- Use Encryption
Lack of Proper Encryption at Rest
- Encrypt PII
- Don't store sensitive information unencrypted
Using Components with Known Vulnerabilities
- Patch
- Configure application settings for security
- Do not configure devices to automatically connect to wifi access points
Running Unnecessary Software or Services
- Don't install unneeded software
- Remove software not in use
- Do not enable services you don't use
Physical Security
- Encrypt devices and drives
- Do not leave mobile devices unattended
- USe an inactivity lockout
- Password protect all devices
Review reputation scoring services (Needs to be renamed to a vulnerability)
- Review credit reports - Review unknown uses of online accounts - Subscribe to a credit monitoring service - Freeze credit
