Software Development Security Practices
In the Developing Secure Software section of the 2012 IBM X-Force Mid Year Trend and Risk Report, data is presented on proven processes and techniques for creating secure software. We discuss how enterprises can find existing vulnerabilities and help prevent new ones from being introduced. If you use networked or web applications to collect or exchange sensitive data, your job as a security professional is harder now than ever before.
Email password security
The connection between websites, cloud-based services, and webmail provides a seamless experience from device to device, but users should be cautious about how these accounts are connected, the security of the password, and what private data has been provided for password recovery or account resetting.
In the past six months, millions of email addresses and passwords have been exposed on public sites. In our report we have taken a comprehensive look at this problem from the perspective of both the end user and the web developer. We identify weaknesses in current password security techniques, and we offer recommendations for protecting this crucial information.
Given the speed of password recovery tools, weak passwords can be recovered from leaked database hashes in seconds. The best solution for web developers is to use a hashing function that is designed for secure password storage. It should use a salt and take a relatively long time to calculate the hash, which makes recovering plaintext passwords from a leaked database far more expensive.
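The contrast described above, as an added example that is not code from the report: an unsalted single-round SHA-1 (the kind of record password recovery tools crack in seconds) beside a salted, deliberately slow password hash. PBKDF2-HMAC-SHA256 from Python's standard library is used here as the slow function and 600,000 iterations is an assumed, tunable work factor; the sample password is constructed.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster


def fast_hash(password: str) -> str:
    """Weak scheme: unsalted single SHA-1. Equal passwords give equal hashes,
    so one precomputed table cracks every user with that password at once."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def make_record(password: str, iterations: int = ITERATIONS,
                salt: Optional[bytes] = None) -> str:
    """Strong scheme: fresh 16-byte random salt per user plus a slow KDF.
    The salt and work factor are stored with the digest so they can be verified later."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    alg, iters, salt_hex, dk_hex = record.split("$")
    if alg != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def seconds_per_guess(fn, password: str, rounds: int = 3) -> float:
    """Rough cost of one guess: what an attacker must pay per candidate password."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn(password)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    pw = "correct horse"  # constructed sample, not from any leak
    print("sha1 per guess:  %.6fs" % seconds_per_guess(fast_hash, pw))
    print("pbkdf2 per guess: %.6fs" % seconds_per_guess(make_record, pw))
    print("same password, two records differ:", make_record(pw) != make_record(pw))
```

The two timing lines show the ratio that matters to a defender: every guess against the slow record costs hundreds of thousands of hash computations instead of one.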
Much more on this topic can be found in the 2012 IBM X-Force Mid Year Trend and Risk Report.