Improving Web Application Security: Threats and Countermeasures
| Check | Description |
|---|---|
|
| Sensitive data is encrypted in the database using strong symmetric encryption (for example, 3DES). |
|
| Symmetric encryption keys are backed up and encrypted with DPAPI and stored in a restricted registry key. |
|
| Sensitive data is secured over the network by using SSL or IPSec. |
|
| Passwords are not stored in custom user store databases. Password hashes are stored with salt values instead. |
Категории