layout | title | tags | level | type | pitch |
---|---|---|---|---|---|
col-sidebar | OWASP Data Security Top 10 | cloud data datasecurity security top10 data-security cloud-data cloud-data-security roadmap news acknowledgments | 2 | documentation | Best practices guide for securing data, whether at rest or in motion. The guide provides information about the most significant security risks for storing and moving sensitive and PII information, the challenges involved, and how to overcome them. |
Data is the most important asset many organizations possess, yet data security is often not the top priority. Data is fundamentally the only asset companies should strive to protect. The guide provides information about the most significant security risks for storing and moving sensitive and PII information, the challenges involved, and how to overcome them.
OWASP Data Security Top 10 aims to raise awareness about the consequences of the most common data security vulnerabilities and provide basic techniques to identify and protect against them.
You do not have to be a security expert or a programmer to contribute. Contact the project leader(s) to get involved. We welcome any suggestions and comments. Possible ways to contribute:
- We are actively looking for organizations and individuals who understand data security challenges.
- Individuals and organizations contributing to the project will be listed on the acknowledgments page.

- DATA1:2023 - Injection Attacks
  Unauthorized individuals exploiting vulnerabilities to inject malicious code or commands that can compromise data integrity and confidentiality.
- DATA2:2023 - Broken Authentication and Access Control
  Weak authentication mechanisms, inadequate access controls, or misconfigured permissions that allow unauthorized access to sensitive data.
- Unauthorized disclosure or theft of sensitive data, compromising its confidentiality and potentially leading to legal and reputational consequences.
- DATA4:2023 - Malware and Ransomware Attacks
  Malicious software infections that can compromise data availability, confidentiality, and integrity, often through phishing attacks or unpatched software vulnerabilities.
- Malicious or unintentional actions by authorized users, such as employees or contractors, that lead to unauthorized access, misuse, or exposure of sensitive data.
- DATA6:2023 - Weak Cryptography
  Inadequate encryption practices, including weak algorithms, improper key management, or lack of encryption, making data vulnerable to unauthorized access or tampering.
- DATA7:2023 - Insecure Data Handling
  Improper storage, transmission, or disposal of sensitive data, leading to inadvertent exposure or loss.
- DATA8:2023 - Inadequate Third-Party Security
  Insufficient security measures by third-party vendors or integrations, creating vulnerabilities that can be exploited to gain unauthorized access to data.
- DATA9:2023 - Data Inventory and Data Management
  Incomplete or inaccurate inventory of digital assets and inadequate data management practices, leading to difficulties in protecting and securing data effectively.
- DATA10:2023 - Non-Compliance with Data Protection Regulations
  Failure to comply with applicable data protection regulations, industry standards, and legal requirements, exposing organizations to legal liabilities and reputational harm.

The OWASP Data Security Project documents are free to use!
The OWASP Data Security Project is licensed under the Creative Commons Attribution-ShareAlike 4.0 license. You can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and that, if you alter, transform, or build upon it, you distribute the resulting work only under the same or a similar license.