
Workshop: OWASP application security vulnerabilities and what Domain-Driven Security has to say about it

A session at Domain-Driven Design Europe 2016

Thursday 28th January, 2016

2:30pm to 4:30pm (WET)

Let’s get down to the code and use our knowledge of DDD to counteract security vulnerabilities like SQL Injection, other Injection Flaws, and Cross-Site Scripting (XSS). Looking at these with a DDD mindset gives a deep understanding and sheds light on why some suggested solutions are better and some are less effective. It also gives inspiration to form better ways to avoid these vulnerabilities without having to think “security” all the time.

This workshop presents the craftsmanship view of Domain Driven Security (DDSec), where we apply the DDD mindset and tools to counteract security vulnerabilities, even though those tools were not originally designed with security in mind. We do not have precise figures, but adopting the Domain Driven Security mindset seems to reduce 95% of the most common application security vulnerabilities.

Finally, we hope that you will leave the workshop with an enhanced toolbox for understanding and counteracting security vulnerabilities. Upon returning from the conference you will be able to analyse your own systems and hopefully find and fix exploitable flaws before anyone else does.

About the speakers

Dan Bergh Johnsson

Secure Domain Philosopher

Agile aficionado; Domain Driven Design enthusiast; code quality craftsman, with a long-time interest in security. The combination made Dan use quality practices from DDD to address application security issues, thus coining "Domain Driven Security" together with John Wilander around 2009.

Daniel Deogun

Security Paratrooper

Coder and Quality defender; fights security trolls on a daily basis using Domain Driven Design and a security mindset. Daniel's extensive experience ranges from patient-critical pacemaker systems to high-performance software in the gaming industry. Combining this with his passion for DDD and his interest in security has made him a strong advocate of Domain Driven Security.


Where

Executive Room, Event Lounge

Session Hash Tag

#DDDEU16

Short URL

lanyrd.com/sdtdgb

Official session page

dddeurope.com
