From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep
Protecting secrets
- [Instructor] To minimize the confidentiality risks to your application's data, you'll want to understand how to effectively protect those secrets. Fortunately, your developers have a number of options at their disposal for accomplishing this goal. A relatively simple solution for protecting secrets is through tokenization. When you tokenize sensitive data, you replace the sensitive parts with a non-sensitive alternative or token that references the original data. For example, say your application needs my 16-digit credit card number. You might store the actual number in a highly secured database while storing a token like JB12345 in another part of the application. If that token is ever compromised, so what? It's meaningless, but your developers can use tokens all throughout the application, enabling them to add more functionality to the application without needing to expose the secrets protected by those tokens. While tokenization helps reduce the need to access sensitive data, it…
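Added example, not part of the course transcript: a minimal Python sketch of the tokenization described above, where the real 16-digit number stays in a vault and the rest of the application handles only a random token. The `TokenVault` class, the `caller` check and the `tok_` prefix are assumptions made for illustration, and the card number is a constructed test value.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """In-memory stand-in for the highly secured database (hypothetical)."""

    def __init__(self, index_key: bytes, allowed_callers=("payments",)):
        self._index_key = index_key           # keys the lookup index below
        self._allowed = set(allowed_callers)  # services permitted to detokenize
        self._by_token = {}                   # token -> real card number
        self._by_index = {}                   # HMAC(card number) -> token

    def _index(self, digits: str) -> str:
        # Keyed hash lets the vault find an existing token without scanning values.
        return hmac.new(self._index_key, digits.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, card_number: str) -> str:
        digits = card_number.replace(" ", "").replace("-", "")
        if not (digits.isascii() and digits.isdigit() and len(digits) == 16):
            raise ValueError("expected a 16-digit card number")
        idx = self._index(digits)
        if idx in self._by_index:             # same card always maps to one token
            return self._by_index[idx]
        # Token is random, not derived from the number, so it reveals nothing.
        token = "tok_" + secrets.token_hex(8)
        while token in self._by_token:        # regenerate on the rare collision
            token = "tok_" + secrets.token_hex(8)
        self._by_token[token] = digits
        self._by_index[idx] = token
        return token

    def detokenize(self, token: str, caller: str) -> str:
        if caller not in self._allowed:
            raise PermissionError(f"{caller} may not read card numbers")
        return self._by_token[token]


if __name__ == "__main__":
    vault = TokenVault(index_key=secrets.token_bytes(32))
    token = vault.tokenize("4111 1111 1111 1111")   # constructed test number
    order = {"order_id": 1001, "card": token}       # app stores only the token
    print(order)
    print(vault.detokenize(token, caller="payments"))
```

Only the vault holds the mapping, so a leaked order record exposes a token that is useless without vault access.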