Published on Tuesday, 16 September 2014 17:48
[ Background ]
A group calling itself “The Knowns” posted the personal data of a Singapore company's customers online to express its displeasure over recent policy changes.
[ Recommendations ]
- Conduct regular vulnerability assessments and penetration tests on the web applications.
- Promptly patch the vulnerabilities found in the web applications.
- Validate the input of every field on the server side, rejecting anything outside the expected type, format and length.
- Deploy a web application firewall to block known attack patterns; treat it as an additional layer, not a substitute for fixing the application.
- Generate a random salt for each password and store only the salted hash, using a deliberately slow password-hashing function (such as PBKDF2, bcrypt or scrypt) rather than a plain fast hash such as MD5 or SHA-1.
- Run the database server on a separate host from the web server, and allow the web server to reach it only on the database port.
- Store only the information the application actually needs; data that is never collected cannot be leaked.
- Encrypt the database where possible and use SSL/TLS for all network communications to reduce the impact of data theft. Note that encryption at rest does not protect data the application itself reads and returns, as in an injection attack, so it complements the application fixes above rather than replacing them.
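The following is an added example, not code from the advisory or from the affected company, showing what the salted-hash and parameterised-storage recommendations above look like in practice. It uses only the Python standard library: PBKDF2-HMAC-SHA256 as the slow salted hash, an in-memory SQLite database standing in for the real one, and parameterised queries so user input never becomes part of the SQL text. The iteration count, the storage string format and the sample users are assumptions chosen for illustration. An unsalted plain SHA-256 hash is included for contrast, so the difference is visible rather than described.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

# PBKDF2-HMAC-SHA256 is a salted, deliberately slow password hash available in
# the Python standard library. The iteration count below is an assumed value
# for illustration; tune it so one hash costs a noticeable fraction of a
# second on your own hardware.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def insecure_hash(password: str) -> str:
    """Plain SHA-256 with no salt: two users with the same password get the
    same hash, and precomputed tables crack it quickly. Shown for contrast."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' (an assumed
    record format). The record carries its own salt and cost, so the
    iteration count can be raised later without breaking old records."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and cost and compare in
    constant time, so timing does not leak how many characters matched."""
    try:
        algorithm, iterations, salt_hex, _digest_hex = stored.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        cost = int(iterations)
    except ValueError:  # malformed record: wrong field count, bad hex, bad int
        return False
    candidate = hash_password(password, salt, cost)
    return hmac.compare_digest(candidate, stored)


def open_user_db() -> sqlite3.Connection:
    """In-memory SQLite stands in for the real database. Only what the login
    flow needs is stored: a username and the password record."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    return conn


def register(conn: sqlite3.Connection, username: str, password: str) -> None:
    # Parameterised query: the values are bound by the driver and never
    # concatenated into the SQL text.
    conn.execute("INSERT INTO users (username, password) VALUES (?, ?)",
                 (username, hash_password(password)))
    conn.commit()


def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute("SELECT password FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        # Hash anyway so an unknown username takes as long as a wrong password.
        hash_password(password)
        return False
    return verify_password(password, row[0])


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    db = open_user_db()
    register(db, "alice", "correct horse battery staple")
    register(db, "bob", "correct horse battery staple")
    print(login(db, "alice", "correct horse battery staple"))  # True
    print(login(db, "alice", "wrong password"))                 # False
```

Two users who chose the same password end up with different stored records because each gets its own salt, whereas `insecure_hash` gives them identical digests. Keeping the cost parameter inside the record is what lets you raise the iteration count later and rehash each user on their next successful login.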