This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "User talk:Mohammed ALDOUB"
(→Testing: new section) |
(→User Legal and Political Protection Cheat Sheet: new section) |
||
| Line 7: | Line 7: | ||
Hello, I'm testing. If you see this, please say Hello World | Hello, I'm testing. If you see this, please say Hello World | ||
| + | |||
| + | == User Legal and Political Protection Cheat Sheet == | ||
| + | |||
| + | |||
| + | == Introduction == | ||
| + | |||
| + | The political and legal impact of online activities has been rising significantly over the years, with users now able to take down entire governments and change legislation using online services and social networking. This fact puts into focus the grave danger users are getting introduced to by using these online services, especially in oppressive regions around the world. | ||
| + | |||
| + | This OWASP Cheat Sheet introduces risks and mitigations that web developers need to realize in order to protect their users from a vast array of potential aggressors, including oppressive governments and organized crime rings around the world. | ||
| + | |||
| + | |||
| + | == Scope of Threats == | ||
| + | |||
| + | An array of potential threats surrounds online users, and this cheat sheet focuses on political and legal threats that users might face by using these online services, especially social networking and communication platforms. The various reports of imprisonments and even execution for users in some parts of the world simply for using online services must be taken seriously by web developers. | ||
| + | |||
| + | |||
| + | == Guidelines == | ||
| + | |||
| + | '''1- Strong Cryptography: | ||
| + | ''' | ||
| + | |||
| + | Any online platform that handles user identities, private information or communications must be secured with the usage of strong cryptography. User communications must be encrypted in transit and storage. User secrets such as passwords must also be protected using strong, collision-resistant hashing algorithms, in order to greatly mitigate the risks of exposed credentials as well as proper integrity control. | ||
| + | |||
| + | To protect data in transit, while adhering to TSL/SSL best practices such as verified certificates, adequately protected private keys, usage of strong ciphers only. | ||
Revision as of 08:40, 6 August 2012
Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann 11:26, 31 May 2012 (UTC)
Testing
Hello, I'm testing. If you see this, please say Hello World
User Legal and Political Protection Cheat Sheet
Introduction
The political and legal impact of online activities has been rising significantly over the years, with users now able to take down entire governments and change legislation using online services and social networking. This fact puts into focus the grave danger users are getting introduced to by using these online services, especially in oppressive regions around the world.
This OWASP Cheat Sheet introduces risks and mitigations that web developers need to realize in order to protect their users from a vast array of potential aggressors, including oppressive governments and organized crime rings around the world.
Scope of Threats
An array of potential threats surrounds online users, and this cheat sheet focuses on political and legal threats that users might face by using these online services, especially social networking and communication platforms. The various reports of imprisonments and even execution for users in some parts of the world simply for using online services must be taken seriously by web developers.
Guidelines
1- Strong Cryptography:
Any online platform that handles user identities, private information or communications must be secured with the usage of strong cryptography. User communications must be encrypted in transit and storage. User secrets such as passwords must also be protected using strong, collision-resistant hashing algorithms, in order to greatly mitigate the risks of exposed credentials as well as proper integrity control.
To protect data in transit, while adhering to TSL/SSL best practices such as verified certificates, adequately protected private keys, usage of strong ciphers only.
