1. What are three major security features in native Magento EE v 1.13?
- Encryption based on AES 256 where older versions used MD5
- Magento Payment Bridge
- Form keys to prevent XSS and CRSF attacks
2. What is the encryption, hashing key management method used in Magento EE v 1.13?
AES 256 is used to encrypt data. Magento stores an encryption key in
[mageroot]/app/etc/local.xml file. Sensitive database information is encrypted using this key when stored.