Securely isolating the data layer is something that every development team has in mind. However, even when the data is well isolated behind a firewall or some other protection, sensitive data is not always stored properly.
Passwords are sensitive data; I know this seems obvious. But many development teams apply reversible encryption to passwords for database storage instead of irreversible hashes. Storing passwords in a reversible form is a major security flaw.
Another good practice with regard to data is avoiding sequential numeric IDs. Sequential IDs are an easy gateway for identifying and stealing user data. Adopting hashes or skipped numbers as IDs in the database is safer for an application. If possible, always use hashes. ...
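Both practices above, as an added example that is not from the original article: passwords are stored as salted, irreversible scrypt digests, and records are keyed by opaque identifiers instead of a counter. The function names, the `salt$digest` storage format, the scrypt cost values and the in-memory `db` dict are assumptions made for illustration, and random 128-bit identifiers stand in for the "hashes" the text recommends as IDs.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed values for this example; tune for your hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def hash_password(password: str) -> str:
    """Return a storable 'salt$digest' string; the password cannot be recovered from it."""
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords differ in storage
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the digest from the candidate password and compare in constant time."""
    try:
        salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    candidate = hashlib.scrypt(password.encode(), salt=salt,
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate, expected)


def new_user_id() -> str:
    """128-bit random identifier: knowing one ID says nothing about its neighbours."""
    return secrets.token_hex(16)


def create_user(db: dict, name: str, password: str) -> str:
    """Insert a user keyed by an opaque ID, storing only the password hash."""
    user_id = new_user_id()
    db[user_id] = {"name": name, "password": hash_password(password)}
    return user_id


if __name__ == "__main__":
    db = {}  # constructed in-memory stand-in for a users table
    uid = create_user(db, "alice", "correct horse battery staple")
    print(uid, db[uid]["password"])
    print(verify_password("correct horse battery staple", db[uid]["password"]))
    print(verify_password("wrong guess", db[uid]["password"]))
```

Login never decrypts anything: the stored digest is only ever compared against a digest re-derived from the submitted password, so a leaked table does not hand out the passwords themselves.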