Consumer Best Practices

OWASP Consumer Top Ten Safe Web Habits

Safe practices for consumers on the web

= Introduction =

Today, more and more of our personal lives are spent connected to the Internet. We spend a significant amount of time checking email, looking at social media, logging into our financial accounts, shopping, and more. These activities expose our private lives to the internet where potential predators are stalking. Our personal computers are often connected to the internet 24/7 via high-speed data lines, wireless connections extend the boundaries of our houses, and now our home appliances are even exposed to the Internet through web interfaces.

We use these systems because it makes life easier. Where we once had to go to a bank to make financial transactions, they can all be done from the comfort of our home. We used to program our VCRs manually to record our favorite shows. Now we can simply open an application remotely and configure our TV or DVR to automatically record programs whenever we want. The internet has provided so many more conveniences to our lives but they don’t come without risks.

These new technologies can also make life easier for the bad guys. Instead of breaking into your house, reading through your trash, or spying on you through an open window, tech-savvy bad guys can effectively invade your privacy, steal from you, and generally make your life miserable from anywhere in the world. We often think that the danger is somehow different because it is computer based and not face-to-face; however, this is simply not true. How do we protect ourselves from tech-savvy intruders? How do we protect our privacy and the privacy of our loved ones?

Guiding principles used to keep us safe in the physical world can also guide us in the computer world. We may not be aware of how computer attacks occur but we can look at “physical world” habits, which we apply without thinking because they’re habits, and see how they apply to computers.

This document will cover ten habits we can use on our computers and provide recommendations to safeguard against common attacks. Each habit will provide a recommendation for all users and some recommendations for more experienced users. While the recommendations are specific ways the habits can be exercised, the habit themselves should remain valid, even when the computing landscape changes.

=The Habits= H1. Protect your secrets H2. Guard your privacy H3. Use security software and services H4. Secure your environment H5. Perform routine maintenance H6. Think twice before trusting H7. Plan for the worst H8. Clean up your devices and accounts H9. Avoid unnecessary risks H10. Be vigilant and on alert

= Documents (Presentations, PDFs, etc.) = Presentation Slide Deck

=Authors and primary editors=

Todd Benson - todd@grayknightsecurity.com

Martin Stemplinger - mstempl@gmail.com

Andrew van der Stock - vanderaj@owasp.org

Pax@grayknightsecurity.com - pax@grayknightsecurity.com

David Holmes - d.holmes@f5.com

Anthony.Lee - Anthony.Lee@csaa.com