Wednesday, November 14, 2018
How to avoid Sensitive Data Exposure
Java has extensive cryptographic libraries, but they are not easy to use correctly. You should find a library that builds on top of JCE to provide easily and safely usable cryptographic methods. Some examples are Jasypt and ESAPI. You should be using strong algorithms like AES for encryption and SHA256 for hashes. Be careful with password hashes as they can be reversed using a Rainbow Table, so use adaptive algorithms like bcrypt or PBKDF2.