Data Security at Rest, in Transit and in the Client Browser
- Encryption – Key Rotation, Storage, Split Knowledge
- Data Masking
- No hard-coded credentials
- Disable page caching for sensitive pages (this comes in handy when permissions change, since a cached page would otherwise stay readable after access is revoked)
- Re-verify identity and object-level authorization on each request.
- No plaintext data exchange
- No weak algorithms
- Discard sensitive data (from session, memory, cache, etc.) as soon as possible.
- Preferably encrypt data even while it is in memory (at a performance cost).
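The first item (encryption with key rotation) and the "discard sensitive data" item, shown as an added Go example that is not part of the original page: a keyring of AES-256-GCM keys in which every ciphertext is prefixed with the ID of the key that sealed it. Rotation adds a new key for writes while old keys stay available for reads, re-encryption migrates stored records to the current key, and a key is retired only after that migration, because retiring it earlier makes its data unreadable. The envelope layout (4-byte key ID, 12-byte nonce, ciphertext and tag), the type and method names, and the record-binding additional data are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed envelope layout: 4-byte key ID | 12-byte nonce | AES-GCM ciphertext+tag.
// The key ID lets Decrypt pick the right key after a rotation.
const (
	kidLen   = 4
	nonceLen = 12
)

// Keyring holds every key that may still be needed to read stored data;
// "current" is the only key used for new writes.
type Keyring struct {
	current uint32
	keys    map[uint32]cipher.AEAD
}

func NewKeyring() *Keyring { return &Keyring{keys: map[uint32]cipher.AEAD{}} }

// Rotate generates a fresh 256-bit key and makes it current for new writes.
// Older keys are kept so existing ciphertexts still decrypt.
func (k *Keyring) Rotate() (uint32, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return 0, err
	}
	block, err := aes.NewCipher(raw)
	if err != nil {
		return 0, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return 0, err
	}
	k.current++
	k.keys[k.current] = aead
	return k.current, nil
}

// Retire removes a key. Anything still sealed under it becomes unreadable,
// so records must be passed through ReEncrypt first.
func (k *Keyring) Retire(kid uint32) error {
	if kid == k.current {
		return errors.New("cannot retire the current key")
	}
	delete(k.keys, kid)
	return nil
}

// Encrypt seals plaintext under the current key; aad binds the ciphertext
// to its record so it cannot be swapped into another record unnoticed.
func (k *Keyring) Encrypt(plaintext, aad []byte) ([]byte, error) {
	aead, ok := k.keys[k.current]
	if !ok {
		return nil, errors.New("keyring has no current key; call Rotate first")
	}
	out := make([]byte, kidLen+nonceLen, kidLen+nonceLen+len(plaintext)+aead.Overhead())
	binary.BigEndian.PutUint32(out[:kidLen], k.current)
	if _, err := rand.Read(out[kidLen : kidLen+nonceLen]); err != nil {
		return nil, err
	}
	return aead.Seal(out, out[kidLen:kidLen+nonceLen], plaintext, aad), nil
}

// Decrypt reads the key ID from the envelope and opens it with that key.
func (k *Keyring) Decrypt(envelope, aad []byte) ([]byte, error) {
	if len(envelope) < kidLen+nonceLen {
		return nil, errors.New("envelope too short")
	}
	kid := binary.BigEndian.Uint32(envelope[:kidLen])
	aead, ok := k.keys[kid]
	if !ok {
		return nil, fmt.Errorf("key %d not in keyring (retired or unknown)", kid)
	}
	return aead.Open(nil, envelope[kidLen:kidLen+nonceLen], envelope[kidLen+nonceLen:], aad)
}

// ReEncrypt migrates an envelope to the current key. It reports false when
// the envelope already uses the current key and nothing was changed.
func (k *Keyring) ReEncrypt(envelope, aad []byte) ([]byte, bool, error) {
	if len(envelope) < kidLen {
		return nil, false, errors.New("envelope too short")
	}
	if binary.BigEndian.Uint32(envelope[:kidLen]) == k.current {
		return envelope, false, nil
	}
	pt, err := k.Decrypt(envelope, aad)
	if err != nil {
		return nil, false, err
	}
	out, err := k.Encrypt(pt, aad)
	// Best-effort discard of the plaintext copy as soon as it is no longer needed.
	for i := range pt {
		pt[i] = 0
	}
	return out, err == nil, err
}

func main() {
	kr := NewKeyring()
	kr.Rotate() // key 1 is current
	aad := []byte("customer:42") // constructed record identifier
	env1, _ := kr.Encrypt([]byte("constructed sample secret"), aad)
	kr.Rotate() // key 2 is current; key 1 still readable
	env2, _, _ := kr.ReEncrypt(env1, aad)
	kr.Retire(1)
	_, errOld := kr.Decrypt(env1, aad) // fails: key 1 retired
	pt, _ := kr.Decrypt(env2, aad)
	fmt.Printf("old envelope readable after retire: %v; migrated: %q\n", errOld == nil, pt)
}
```

Rotation is only half the job: nothing on the page, and nothing here, makes a retired key's data readable again, so an inventory of which key ID each stored record carries is what tells you when Retire is safe.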