[Owasp_top_10_privacy_risks_project] OWASP Top 10 Privacy Risks presented at IPEN in Berlin / Description available

Colin Watson colin.watson at owasp.org
Sat Nov 1 12:00:07 UTC 2014


Congratulations on the recent activities.

Thank you for the additional explanation about P6.


But I was also wondering about P9 and P10:

   P9   - Missing or insufficient Session Expiration
   P10 - Insecure Data Transfer

Aren't these already part of "P1 - Web Application Vulnerabilities",
which is described as "This risk also encompasses the OWASP Top 10 List
of web application vulnerabilities and the risks resulting from
them."? If not, how are P9 and P10 different please?

Project Name/Label

This is web application privacy risks. Could there be a mobile app
version too? I wonder if it is different?

Use of OWASP Mailing List

CCing this to the project mailing list, as the original message wasn't
sent there.

Also, I asked a question on the mailing list in August:


It was never replied to. I don't mind being ignored ;-) but wondered
is there some other place we are meant to contribute and share (e.g.
ZAP uses a Google Group)?  If so, can you set an auto-responder on the
OWASP mailing list to say it is not used please.



On 1 November 2014 08:25, Florian Stahl <florian.stahl at owasp.org> wrote:
> Dear members of the OWASP Top 10 Privacy Risks project,
> I just want to inform you about recent activities:
> The initial presentation of our Top 10 Privacy Risks took place at the first
> IPEN workshop in Berlin. Read about it in the IAPP blog.
> We created a description of our Top 10 Risks. Thanks to Lukasz Olejnik from
> Inria Privatics and Tim Gough from the Guardian for their support. Feel free
> to send feedback.
> We updated the title of P6 (former Collection of data not required for the
> user-consented purpose) to "Collection of data not required for primary
> purpose" for better understanding and improved English.
> Now we aim to reach the status of an OWASP Lab project which represents
> projects that have produced an OWASP reviewed deliverable of value.
> Next presentations of our project will be on 9 December at the German OWASP
> Day in Hamburg and at the IAPP Global Privacy Summit in Washington DC (4-6
> March 2015). Let me know if you will be there.
> Have a good weekend,
> Florian
> --
> Project Leader OWASP Top 10 Privacy Risks
> Lead Consultant msg systems
> Munich / Germany
> Project: https://www.owasp.org/index.php/OWASP_Top_10_Privacy_Risks_Project
> Company: www.msg-systems.com
> Blog: www.securitybydesign.de
