Java Reference
In-Depth Information
he user registration page will be equipped with CAPTCHA* to ensure that form submis-
sions are not performed through bots, which might cause a request overload leading to
denial of service.
6.4.2 Cryptographic Implementation for Panthera's
E-Commerce Application
Cryptography —or cryptology , as it is sometimes referred to—can be deined as the practice and
study of hiding information. Cryptography is used to render text or data readable only to autho-
rized individuals and unreadable to all other individuals who view the said text or data. Encryption
is a process by which data is passed through an encryption algorithm, with the aid of a key, to
be rendered unreadable, and decryption is a process by which the data is passed through the same
encryption algorithm with a key to be rendered readable. Cryptography is a critical element in
the protection of stored data and data being transmitted. As part of the risk assessment process,
Panthera has identiied some critical information assets that need to be encrypted for protection
against Web application attacks. he following are the cryptographic functionalities to be built
into Panthera's e-commerce application:
Encryption for data at rest
Encryption for data in transit
Encryption key management
6.4.2.1 Encryption for Data at Rest
he following security measures are to be implemented for encrypting and decrypting data at rest:
Database column level encryption is to be implemented for all data that need to be encrypted
and stored in the database.
he column storing PAN (primary account number), as part of the transaction database
table of the application of a credit card, shall be encrypted with an AES 256-bit cipher in
CBC (cipher block chaining) mode.
he gift card passcode in the gift card database shall be encrypted with an AES 256-bit
encryption algorithm in CBC mode.
he user passwords will be hashed with a SHA 256-bit one-way hash function with strong
salts.
he user password answers will be hashed with a SHA 256-bit one-way hash function with
strong salts.
* CAPTCHA is a challenge-response test used by Web applications to ensure that human beings and not com-
puter bots are submitting forms on a Web application. CAPTCHAs are images that consist of text-based char-
acters that are undecipherable to bots but are decipherable by human beings, and the content of the message in
the CAPTCHA needs to be illed in by the individual submitting the form to a Web application. he form is
not submitted if this CAPTCHA is not submitted by the user.
Cryptography as deined in Wikipedia: en.wikipedia.org/wiki/Cryptography.
Search WWH ::




Custom Search