OWASP Annotated Application Security Verification Standard

8.3.3 Clear language is used regarding personal information and users have provided opt-in consent

Verify that users are provided clear language regarding collection and use of supplied personal information and that users have provided opt-in consent for the use of that data before it is used in any way.

Level 1: X
Level 2: X
Level 3: X
CWE: 285
NIST: none listed

© Copyright 2019 Wessel van der Linden Revision 63d1bede.
