Thursday 28th January, 2016
2:30pm to 4:30pm
Let’s get down to the code and use our knowledge of DDD to counteract security vulnerabilities like SQL Injection, other Injection Flaws, and Cross-Site Scripting (XSS). Looking at these with a DDD mindset gives a deep understanding and sheds light on why some suggested solutions are better and some are less effective. It also gives inspiration to form better ways to avoid these vulnerabilities without having to think “security” all the time.
This workshop presents the craftsmanship view of Domain Driven Security (DDSec), where we apply the DDD mindset and tools to counteract security vulnerabilities, even though those tools were not originally designed with security in mind. We do not have precise figures, but adopting the Domain Driven Security mindset seems to reduce 95% of the most common application security vulnerabilities.
Finally, we hope that you will leave the workshop with an enhanced toolbox for understanding and counteracting security vulnerabilities. Upon returning from the conference you will be able to analyse your own systems and hopefully find and fix exploitable flaws before anyone else does.
Secure Domain Philosopher
Agile aficionado; Domain Driven Design enthusiast; code quality craftsman, with a long-time interest in security. The combination made Dan use quality practices from DDD to address application security issues - thus coining "Domain Driven Security" together with John Wilander around 2009.
Coder and Quality defender; fights security trolls on a daily basis using Domain Driven Design and a security mindset. Daniel's extensive experience ranges from patient-critical pacemaker systems to high-performance software in the gaming industry. Combining this with his passion for DDD and his interest in security has made him a strong advocate of Domain Driven Security.