Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer’s view in any way.

  4 posts tagged with "privacy"

Gone on too long, P-8 Missing or Insufficient Session Expiration

posted on July 12, 2022 | tags: [ owasp, privacy ]
Build it right

From OWASP on P-8: Failure to effectively enforce session termination. May result in collection of additional user-data without the user’s consent or awareness.

Cyber Security Month Presentation - DAMA Philadelphia

posted on October 27, 2021 | tags: [ owasp, privacy, dama ]
Zoom Presenters

I presented the OWASP Top 10 Privacy Risks project to DAMA Philadelphia for their Cyber Security Month event.

Why do we need all of this data? OWASP Privacy Risks - P-10

posted on October 20, 2021 | tags: [ owasp, privacy ]
Trawler with illegal catch

P-10 Collection of data not required for the user-consented purpose and the "Lean Data Commitment".

Empower our users, they own their data. OWASP Privacy Risks - P-9

posted on October 20, 2021 | tags: [ owasp, privacy ]
Jail

P-9 "Inability of users to access and modify data" identifies data lockin by organizations as a privacy risk.