owasp-privacy-top-10
OWASP Top 10 Privacy Risks
This skill encodes the OWASP Top 10 Privacy Risks for privacy-aware design and review. A separate reference file is loaded for each risk. Based on OWASP Top 10 Privacy Risks v2.0 (2021).
When to Read Which Reference
| Risk | Read |
|---|---|
| P1 Web Application Vulnerabilities | references/p1-web-app-vulnerabilities.md |
| P2 Operator-sided Data Leakage | references/p2-operator-data-leakage.md |
| P3 Insufficient Data Breach Response | references/p3-breach-response.md |
| P4 Consent on Everything | references/p4-consent.md |
| P5 Non-transparent Policies | references/p5-non-transparent-policies.md |
| P6 Insufficient Deletion of User Data | references/p6-insufficient-deletion.md |
| P7 Insufficient Data Quality | references/p7-data-quality.md |
| P8 Missing or Insufficient Session Expiration | references/p8-session-expiration.md |
| P9 Inability to Access and Modify Data | references/p9-user-access-modify-data.md |
| P10 Excessive Data Collection | references/p10-excessive-collection.md |
More from yariv1025/skills

owasp-mobile-top-10
OWASP Mobile Top 10 - prevention, detection, and remediation for iOS/Android app security. Use when building or reviewing mobile apps - credentials, supply chain, auth, input/output validation, communication, privacy, binary protection, config, data storage, cryptography.

owasp-api-security-top-10
OWASP API Security Top 10 - prevention, detection, and remediation for REST/GraphQL/API security. Use when designing or reviewing APIs - object- and function-level authorization, authentication, rate limiting and resource consumption, sensitive business flows, SSRF, API inventory and versioning, or consumption of third-party APIs.

agent-dev-guardrails
Enforce disciplined agent development workflows with plan-first development, small-slice execution, specialized self-review roles, quality gates, and project setup. Use when starting a new project, setting up development conventions, wanting structured planning, or needing the agent to follow best practices for code quality, review, and validation.

owasp-iot-top-10
OWASP IoT Top 10 - prevention, detection, and remediation for IoT device and ecosystem security. Use when designing or reviewing IoT devices - passwords, network services, ecosystem interfaces, secure updates, components, data transfer/storage, device management, default settings, physical hardening, privacy.

owasp-serverless-top-10
OWASP Serverless Top 10 - prevention, detection, and remediation for serverless (Lambda, Functions) security. Use when building or reviewing serverless apps - event injection, over-permissioned functions, insecure deps, secrets, config, and other serverless-specific interpretations of the Web Top 10.

owasp-cicd-top-10
OWASP Top 10 CI/CD Security Risks - prevention, detection, and remediation for pipeline security. Use when securing or reviewing CI/CD - flow control, IAM, dependency chain, poisoned pipeline execution, PBAC, credential hygiene, system config, third-party services, artifact integrity, logging and visibility.