For example, passwords should remain encrypted
while being stored in databases, and secure data segregation should be
implemented. Improper implementation of cryptography components has
commonly opened many doors for unauthorized access to sensitive data.
5. Eliminating misconfigurations, backdoors, and default settings. A common
but insecure practice for many software vendors is shipping software with
backdoors, utilities, and administrative features that help the receiving
administrator learn and implement the product. The problem is that these
enhancements usually contain serious security flaws. These items should always
be disabled before shipment, so that the customer must enable them, and all
backdoors should be properly removed from the source code.
6. Security quality assurance. Security should be a core discipline during the
design of the product, during the specification and development phases, and during
the testing phases. An example of this is vendors who create security quality
assurance (SQA) teams to manage all security-related issues.
So What Should We Do from Here on Out?
There are several things that we can do to help improve the situation, but they require everyone
involved to be more proactive, more educated, and more motivated.