In an era marked by pervasive digitalization and the omnipresence of web-based applications, concerns surrounding data privacy have reached unprecedented levels. As individuals increasingly navigate the digital landscape, they face a barrage of potential privacy infringements, such as:
- Third-party data collection
- Exposure of personal and sensitive data in the event of a breach
- Security issues with an impact on privacy
Addressing these concerns requires innovative solutions that help users safeguard their privacy proactively. Browsers have already made a considerable leap forward in minimizing privacy leakage, with origin-only referrer, third-party cookie blocking, etc.; nonetheless, several bad practices can still affect user privacy during web navigation.
This talk introduces the OWASP Privacy Toolkit, a new community-driven cybersecurity project that aims to improve the protection of the user’s digital privacy by using new and well-known techniques. This project embodies the spirit of innovation at the heart of OWASP's mission.
Designed as a browser extension, this toolkit serves as a continuous monitor, passively scanning webpages for potential privacy vulnerabilities and providing users and developers with real-time insights to identify risks and raise awareness of how sensitive and personal data is handled.
The toolkit's goal is to detect, at the browser layer, both privacy threats and security issues with an impact on privacy.
The project focuses on the importance of educating end users and developers in the realm of digital privacy protection.
At its core, the OWASP Privacy Toolkit leverages a set of detection techniques specifically crafted to identify a broad spectrum of privacy issues, such as:
- Referrer Leakage
- Data Oversharing
- Globally Accessible Data
- Script Positioning Best Practices
- Prototype Protection Best Practices
These are implemented through a combination of:
- Heuristic analysis
- Pattern recognition
- Traffic analysis algorithms
- Development best practices analysis
This presentation will offer a deep dive into the OWASP Privacy Toolkit, exploring the techniques behind its powerful detection capabilities. By examining the toolkit's underlying principles and technical approach in detail, participants will gain a clear understanding of how it functions within a user's browser environment and the privacy issues it addresses.
The final part of the presentation will feature a live demo showcasing the OWASP Privacy Toolkit in action. Attendees will have the opportunity to see the user interface and the results of the toolkit’s detection capabilities.
The project was started under the H2020 TESTABLE Project, funded by the EU.
More information here:
https://owasp.org/www-project-privacy-toolkit/