Sometimes passwords, credit card data and other such sensitive data need to be stored inside the application or in the database. In all such cases, the data shall never be stored in plain text – it shall always be encrypted.
- When sensitive data is stored in the database (such as user ids for logging in, or credit card numbers), it will use strong encryption such as AES-256 or better. Any seeds or salted keys will also be encrypted using such a mechanism and stored as a static variable inside the database or application.
- Any data to be transmitted from one machine to another:
  - shall use the most recent strong transport encryption (currently TLS 1.2 or 1.3), and
  - shall not use any protocol version found to have been compromised (SSL 1 through TLS 1.1, etc.).
- Any key, user id, or encryption salt that must, by necessity, be stored in the application shall also be encrypted as a static variable and decrypted before use during each run of the application and/or of that method, so that keys rarely exist in memory in unencrypted form.
- Any unencrypted key should be held in local variables so that it is destroyed automatically at the end of the method. This constant decryption and discarding of keys, salts, logins, and credit card data should minimize the possibility that they exist in real memory, or even in virtual memory.
- Never use real credit cards to test credit card processes in the test environment. Use the test cards and accounts provided by the test merchants.