Chapter 6 DXP Security

Common Security Scenarios of DXP

A DXP is mainly built on web technologies. Hence all the threat scenarios applicable to the Web are also relevant for a DXP. The common security best practices that can be used in DXP implementations are listed below.

Password Standards

The password policies of the DXP should enforce strict password rules during account setup, password change, and all account verification scenarios. Insufficient or weak password policies increase vulnerability. The key best practices for password policies are given below:

• Enforcing a minimum password length. Normally a minimum password length of 8 is suggested.
• Enforcing a mix of numeric values, special characters, and uppercase letters in the password text.
• Forcing regular password changes (for instance, forcing the user to change the password after 90 days).
• Disallowing common passwords, dictionary terms, or common phrases as passwords.
• Maintaining a history of previous passwords to ensure that a new password does not repeat one from the history.
• E-mailing a password reset link instead of mailing the updated password in plain text.
• Storing passwords as a one-way hash (one that cannot be decrypted) in the database or properties file. Use strong encryption algorithms such as AES 128 or SHA1 256 bit encryption mode.
• Auditing password retries and restricting the maximum number of password retries.
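The following is an added example, not code from the book, showing how the password rules above fit together in one small account service: a policy check (length, character mix, common-password list, history), a one-way salted hash for storage, a retry counter with lockout, and an audit trail of attempts. The policy values, the common-password list and the account names are constructed for illustration. For the stored hash it uses salted PBKDF2-HMAC-SHA256 from the standard library rather than a single SHA-256 digest, because a fast unsalted hash can be brute-forced offline from a leaked database; the iteration count is lowered here to keep the example quick and should be raised in production.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field

# Constructed policy values; a real DXP reads these from its security configuration.
MIN_LENGTH = 8
MAX_RETRIES = 5          # lock the account after this many consecutive failures
HISTORY_SIZE = 5         # number of previous password hashes retained per account
COMMON_PASSWORDS = {"password", "password1", "welcome1", "qwerty123", "letmein"}
PBKDF2_ITERATIONS = 100_000   # lowered for the example; use a much higher count in production


def hash_password(password, salt=None):
    """Return (salt, digest): a salted, iterated one-way hash suitable for storage."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def check_password_policy(password, history=()):
    """Return a list of policy violations; an empty list means the password is acceptable.

    `history` is an iterable of (salt, digest) pairs for the current and previous passwords.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[0-9]", password):
        problems.append("no numeric character")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    for salt, digest in history:
        if verify_password(password, salt, digest):
            problems.append("reused from password history")
            break
    return problems


@dataclass
class Account:
    username: str
    salt: bytes
    digest: bytes
    history: list = field(default_factory=list)     # (salt, digest) of previous passwords
    failed_attempts: int = 0
    locked: bool = False
    audit_log: list = field(default_factory=list)   # (event, username, detail) tuples


def create_account(username, password):
    """Create an account, rejecting passwords that fail the policy."""
    problems = check_password_policy(password)
    if problems:
        raise ValueError("password rejected: " + ", ".join(problems))
    salt, digest = hash_password(password)
    return Account(username, salt, digest)


def login(account, password):
    """Verify a login attempt, auditing it and locking the account after MAX_RETRIES failures."""
    if account.locked:
        account.audit_log.append(("login", account.username, "rejected: account locked"))
        return False
    if verify_password(password, account.salt, account.digest):
        account.failed_attempts = 0
        account.audit_log.append(("login", account.username, "success"))
        return True
    account.failed_attempts += 1
    account.audit_log.append(("login", account.username, f"failure {account.failed_attempts}"))
    if account.failed_attempts >= MAX_RETRIES:
        account.locked = True
        account.audit_log.append(("lockout", account.username, "maximum retries exceeded"))
    return False


def change_password(account, old_password, new_password):
    """Change the password after re-verifying the old one; enforce policy and history rules."""
    if not login(account, old_password):
        return False
    known = [(account.salt, account.digest)] + account.history
    problems = check_password_policy(new_password, known)
    if problems:
        raise ValueError("password rejected: " + ", ".join(problems))
    account.history = known[:HISTORY_SIZE]
    account.salt, account.digest = hash_password(new_password)
    account.audit_log.append(("password_change", account.username, "success"))
    return True
```

The audit log is kept in memory here; in a deployed DXP the same events would go to the platform's central audit store so that repeated failures and lockouts can be alerted on.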
Building Digital Experience Platforms