The Open Web Application Security Project (OWASP) published its findings on the ‘Top 10 Privacy Risks’ for 2014. The aim, according to one of the developers of OWASP, was to build a top-10 list of both technical and organisational risks to “help people with developing web applications, or a social network.”
OWASP is an organisation that provides practical information about computer and Internet applications. Members include a variety of security experts from around the world who share knowledge of vulnerabilities, threats, attacks and countermeasures.
The study should help organisations not only identify risks but also try to minimise them.
According to the study, the top 10 privacy risks in 2014 are:
- Web application vulnerabilities
- Operator-sided data leakage
- Insufficient data breach response
- Insufficient deletion of personal data
- Non-transparent policies, terms and conditions
- Collection of data not required for the user-consented purpose
- Sharing data with third party
- Outdated personal data
- Missing or insufficient session expiration
- Insecure data transfer
The report gives organisations a good basis for assessing the risk of vulnerabilities by measuring different factors of a potential attack, such as its impact on the organisation or the attacker’s motivation.