Handling Sensitive Data

• 3.1 Implement Secure Data Storage
• 3.2 Use SECURE Setting For Cookies
• 3.3 Fully validate SSL/TLS
• 3.4 Protect Against SSL Strip
• 3.5 Limit Use of UUID
• 3.6 Treat Geolocation Data Carefully
• 3.7 Institute Local Session Timeout
• 3.8 Implement Enhanced/Two-Factor Authentication
• 3.9 Protect Application Settings
• 3.10 Hide Account Numbers and Use Tokens
• 3.11 Implement Secure Network Transmission Of Sensitive Data
• 3.12 Validate Input From Client
• 3.13 Avoid Storing App Data in Backups