SlideShare ist ein Scribd-Unternehmen logo

Domain Driven Security Jfokus 2016

Omegapoint Academy
Omegapoint Academy

We all know we have Anonymous, LulzSec, and NSA around. With this in mind, isn't it time to think about the security of our systems? Well, of course. In this talk, we'll show how Domain Driven Design is used to counteract security weaknesses without one thinking "security" all the time. So, if you're interested in learning how to design secure software, then this session is for you. Business and technical attacks are two kinds of attacks, where the latter is most famous, e g SQL Injection & XSS. But it doesn't mean business attacks are less harmful. On the contrary, they tend to be extremely sophisticated and powerful as they often leave infrastructure intact without firing alarms. Domain Driven Security is the field that counteracts both categories by using tools and mindsets from DDD.

Software
1 von 50
Downloaden Sie, um offline zu lesen
Arm yourself with Domain Driven Security. It’s time to slay some security trolls… @danbjson, @DanielDeogun Omegapoint Jfokus Stockholm February 2016
About Us… Umeå Malmö Göteborg Falun New York Stockholm Daniel Deogun Security Paratrooper Dan Bergh Johnsson Secure Domain Philosopher Omegapoint
Key Take Aways • DDSec helps one to design secure software without actively thinking about security • Treat injection flaws as a modelling problem rather than a validation problem • Context mapping is essential to avoid XSS and other 2nd order injection attacks • Micro-services will be scary as hell, unless the world gets a grip on context mapping
Attacks From A DDD Perspective Complex Technical Complex Domain Simple Domain Simple Technical
Purchasing “Unencyclopedia” [Encyclopedia]
Technical Approach • OWASP “indata validation” • if(value < 0) -> don’t accept • Encourage separation of validation and data • Problem whack-a-mole ahead!
Analysis á la DDD • Observation • Quantity is modelled as integer • Quantity is an implicit concept • Analysis • Modelling is incomplete or missing
Analysis á la DDD -1 : Integer -1 : Quantity OrderLine {ISBN, Quantity}
Quantity made explicit - a good start public final class Quantity { public final int value; public Quantity(final int value) { isTrue(value > 0, "Quantity must be greater than zero. Got: %s", value); this.value = value; } …
Ubiqutous Domain Primitives • Library of domain primitives • Consolidates business rules • Raises the floor void buyBook(String, int) -> buyBook(ISBN, Quantity)
Another concept made explicit public final class EmailAddress { public final String value; public EmailAddress(final String value) { isTrue( ?????????, “Not valid email. Got: %s", value); this.value = value; } …
Email according to spec • RFC 5322 3.4 Address Specification (RFC 821, RFC 2821) • Some OK examples • root@127.0.0.1 • !#$%&'*+-/=?^_`{|}~@omegapoint.se • ”Åsa Sjölander”@omegapoint.se • Regexp : (?:(?:rn)?[ t])*(?:(?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[ ["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?: [^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:r n)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t]) +|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;: ".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)? [ t])*))*|(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r ]|.|(?:(?:rn)?[ t]))*"(?:(?:rn) /… 6424 chars
You define Your domain • Bounded Context - bounded by what you need • Is “root@127.0.0.1” sensible to you? • Strength not by “how wide” but by “how specific” • Start simple - limit to your core cases • E.g. “daniel.deogun@omegapoint.se” • Let the model grow
What is DDSec? “Domain Driven Security is about taking ideas from DDD and using them as tools to address security concerns, even though the tools were not originally designed specifically for security issues.” - Dan Bergh Johnsson, Dr. John Wilander [2009] http://dearjunior.blogspot.be/2009/09/introducing-domain-driven-security.html
History of DDSec 2009 20162010 Dan Bergh Johnsson John Wilander Erland Oftedal
 @Webtonull OWASP Europe Daniel Deogun Industry PracticeDDSec Coined JavaZone Jfokus OPKoKo Devoxx DDD Europe Jfokus DDD Summit Daniel Sawano Book about DDSec
Attacks From A DDD Perspective Complex Technical Complex Domain Simple Domain Simple Technical
Injection Flaw “Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.” - OWASP top 10
The Classics - Dynamic SQL String SELECT … FROM Users WHERE username = ’<?username>’ AND password = ’<?password>’ danbj catsarecute SELECT … FROM Users WHERE username = ’danbj’ AND password = ’catsarecute’ Warning! This is just an example. Do not store passwords in plain text. Do not use relational databases for user management.
SQL Injection SELECT … FROM Users 
 WHERE username = ’<?username>’ AND password = ’<?password>’ evilhaxxOr ’OR 1=1 -- SELECT … FROM Users WHERE username = ’evilhaxxOr’ AND password = ’’OR 1=1 --’ SELECT … FROM Users 
 WHERE username = ’’OR 1=1 --’ 
 AND password = ’doesnotmatteranymore’ Warning! This is just an example. Do not store passwords in plain text. Do not use relational databases for user management.
Demo SQL INJECTION
What’s the problem? and solution? • ‘OR 1=1 -- is not a valid username • This is implicit in the code • Needs to be made explicit • Modelling required
Prepared Statements AKA Parametrised Queries • SQL Injection is solved by prepared statements • But what if the query structure is dynamic? • Other Injection Flaws • LDAP, Command, XPath, HTTP header …
HTTP Response with Cookie [https://www.owasp.org/index.php/HTTP_Response_Splitting] String author = … /* request, database, user setting … */ ... Cookie cookie = new Cookie("author", author); cookie.setMaxAge(cookieExpiration); response.addCookie(cookie); HTTP/1.1 200 OK ... Set-Cookie: author=Jane Smith … <html><head><title>The real content</title> ...
HTTP Injection Hacked ‘author’ value into database/setting … author : "Wiley HackerrnHTTP/1.1 200 OKrn..." HTTP/1.1 200 OK ... Set-Cookie: author=Wiley Hacker HTTP/1.1 200 OK … <html><head><title>Hacked content</title> … ... <html><head><title>The real content</title> ... [https://www.owasp.org/index.php/HTTP_Response_Splitting]
RFC 2616 HTTP/1.1 Ch 4 HTTP Message HTTP-message = Request | Response ; HTTP/1.1 messages generic-message = start-line *(message-header CRLF) CRLF [ message-body ] start-line = Request-Line | Status-Line message-header = field-name ":" [ field-value ] field-name = token field-value = *( field-content | LWS ) field-content = <the OCTETs making up the field-value and consisting of either *TEXT or combinations of token, separators, and quoted-string> http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4
DDSec to the Rescue on Injection Flaw • DDD helps one to separate data from code • Validating with respect to the model is crucial
A Quick Note On Validation • Validation order • Origin • Length • (Lexeme, content text) • Parsing, content structure • Semantics - Dr. John Wilander
Attacks From A DDD Perspective Complex Technical Complex Domain Simple Domain Simple Technical
Cross Site Scripting (XSS) “XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.” - OWASP top 10
Demo Cross Site Scripting (XSS)
Domain Perspective Text Comment Text
Domain Perspective Text Text Code Comment
Fix the Broken Mapping <script> <script> Text Code &lt;script&gt;
SQL Injection vs XSS
Code SQL Injection vs XSS Code
2nd order injection Web Srv DB Log Log Adm
Preventing Data Leakage
 read once object [Daniel Sawano] public final class SensitiveValue implements Externalizable { private final AtomicReference<String> value; public SensitiveValue(final String value) { this.value = new AtomicReference<>(validated(value)); } public String value() { return notNull(value.getAndSet(null), "Sensitive value has already been consumed"); } @Override public String toString() { return "SensitiveValue value = *****"; } @Override public void read / writeExternal(final ObjectOutput out) throws IOException { throw new UnsupportedOperationException("Not allowed on sensitive value"); }
How did DDSec Help Us? • DDD gave deeper insight in nature of XSS • Context mapping allows one to “detect” possible broken maps • Modeling confidentiality protects against accidental disclosure of sensitive data
Attacks From A DDD Perspective Complex Technical Complex Domain Simple Domain Simple Technical
Complex Domain Attack Order Finance Storage Shipping -1 -1 -1
Micro-servicing the Monolith Payment Policy
Payment Micro-servicing the Monolith Payment Policy InsurancePurchase
Making a change with surgical precision Payment Policy Payment Confirm Reject Giro Bounce Giro Confirm Purchase Bank Insurance
What we would have done Payment Policy Cash Payment Confirm Reject Giro Bounce Giro Confirm Purchase Bank Insurance Giro Payment
Micro-Service Hell • We’re moving towards more and more micro-services • Implemented by separate teams • How do we guarantee correct context mappings?
Key Take Aways • DDSec helps one to design secure software without actively thinking about security • Treat injection flaws as a modelling problem rather than a validation problem • Context mapping is essential to avoid XSS and other 2nd order injection attacks • Micro-services will be scary as hell, unless the world gets a grip on context mapping
Current State, Future Direction • Academic research on DDSec • Two master’s thesis projects in cooperation with Royal Institute of Technology (KTH) • Cooperation with Linnaeus University, computer science dept • Industry practice • Practice every day • more needed - especially regarding how to handle micro-services • investigating DDSec as applicable to DDOS-attacks • Writing • Early stage of book by Dan Bergh Johnsson, Daniel Deogun and Daniel Sawano.
Q & A [Questions]
Thanks @danbjson, @DanielDeogun
Image References • [Questions - https://flic.kr/p/9ksxQa] by Damián Navas under license https://creativecommons.org/licenses/by-nc-nd/2.0/ • [Encyclopedia - https://www.flickr.com/photos/stewart/461099066] by Stewart Butterfield under license https://creativecommons.org/licenses/by/2.0/

Empfohlen

Domain driven security_java_zone2016
Domain driven security_java_zone2016Domain driven security_java_zone2016
Domain driven security_java_zone2016Omegapoint Academy
 
Arm yourself with Domain Driven Security. It's time to slay some security trolls
Arm yourself with Domain Driven Security. It's time to slay some security trollsArm yourself with Domain Driven Security. It's time to slay some security trolls
Arm yourself with Domain Driven Security. It's time to slay some security trollsOmegapoint Academy
 
Designing software with security in mind?
Designing software with security in mind?Designing software with security in mind?
Designing software with security in mind?Omegapoint Academy
 
Designing software with security in mind
Designing software with security in mindDesigning software with security in mind
Designing software with security in mindOmegapoint Academy
 
Fighting security trolls_with_high-quality_mindsets
Fighting security trolls_with_high-quality_mindsetsFighting security trolls_with_high-quality_mindsets
Fighting security trolls_with_high-quality_mindsetsddeogun
 
Devoxx PL 2017 - Cracking the Code to Secure Software
Devoxx PL 2017 - Cracking the Code to Secure SoftwareDevoxx PL 2017 - Cracking the Code to Secure Software
Devoxx PL 2017 - Cracking the Code to Secure SoftwareDaniel Sawano
 
Developing on SQL Azure
Developing on SQL AzureDeveloping on SQL Azure
Developing on SQL AzureIke Ellis
 
SamKK
SamKKSamKK
SamKKChentao Zhang
 

Empfohlen

Domain driven security_java_zone2016
Domain driven security_java_zone2016Domain driven security_java_zone2016
Domain driven security_java_zone2016Omegapoint Academy
 
Arm yourself with Domain Driven Security. It's time to slay some security trolls
Arm yourself with Domain Driven Security. It's time to slay some security trollsArm yourself with Domain Driven Security. It's time to slay some security trolls
Arm yourself with Domain Driven Security. It's time to slay some security trollsOmegapoint Academy
 
Designing software with security in mind?
Designing software with security in mind?Designing software with security in mind?
Designing software with security in mind?Omegapoint Academy
 
Designing software with security in mind
Designing software with security in mindDesigning software with security in mind
Designing software with security in mindOmegapoint Academy
 
Fighting security trolls_with_high-quality_mindsets
Fighting security trolls_with_high-quality_mindsetsFighting security trolls_with_high-quality_mindsets
Fighting security trolls_with_high-quality_mindsetsddeogun
 
Devoxx PL 2017 - Cracking the Code to Secure Software
Devoxx PL 2017 - Cracking the Code to Secure SoftwareDevoxx PL 2017 - Cracking the Code to Secure Software
Devoxx PL 2017 - Cracking the Code to Secure SoftwareDaniel Sawano
 
Developing on SQL Azure
Developing on SQL AzureDeveloping on SQL Azure
Developing on SQL AzureIke Ellis
 
SamKK
SamKKSamKK
SamKKChentao Zhang
 
Time-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesTime-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesChema Alonso
 
Time-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy QueriesTime-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy QueriesChema Alonso
 
SamBO
SamBOSamBO
SamBOChentao Zhang
 
Sam zhang week2demo copy
Sam zhang week2demo copySam zhang week2demo copy
Sam zhang week2demo copyChentao Zhang
 
Greensql2007
Greensql2007Greensql2007
Greensql2007Kaustav Sengupta
 
Time-Based Blind SQL Injection
Time-Based Blind SQL InjectionTime-Based Blind SQL Injection
Time-Based Blind SQL Injectionmatt_presson
 
Query DSL In Elasticsearch
Query DSL In ElasticsearchQuery DSL In Elasticsearch
Query DSL In ElasticsearchKnoldus Inc.
 
The Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryThe Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
MRT 2018: reflecting on the past and the present with temporal graph models
MRT 2018: reflecting on the past and the present with temporal graph modelsMRT 2018: reflecting on the past and the present with temporal graph models
MRT 2018: reflecting on the past and the present with temporal graph modelsAntonio García-Domínguez
 
Security Issues in OpenStack
Security Issues in OpenStackSecurity Issues in OpenStack
Security Issues in OpenStackoldbam
 
JWTs and JOSE in a flash
JWTs and JOSE in a flashJWTs and JOSE in a flash
JWTs and JOSE in a flashEvan J Johnson (Not a CISSP)
 
SQL Injection Tutorial
SQL Injection TutorialSQL Injection Tutorial
SQL Injection TutorialMagno Logan
 
2nd-Order-SQLi-Josh
2nd-Order-SQLi-Josh2nd-Order-SQLi-Josh
2nd-Order-SQLi-JoshJoshua S. Clark, CISSP
 
ReCertifying Active Directory
ReCertifying Active DirectoryReCertifying Active Directory
ReCertifying Active DirectoryWill Schroeder
 
Not so blind SQL Injection
Not so blind SQL InjectionNot so blind SQL Injection
Not so blind SQL InjectionFrancisco Ribeiro
 
Immutable Database. Safe Way to Migrate Large Data Stores
Immutable Database. Safe Way to Migrate Large Data StoresImmutable Database. Safe Way to Migrate Large Data Stores
Immutable Database. Safe Way to Migrate Large Data StoresYevhen Bobrov
 
CDI 2.0 Deep Dive
CDI 2.0 Deep DiveCDI 2.0 Deep Dive
CDI 2.0 Deep DiveThorben Janssen
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionAbhinav Nair
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity FrameworksRich Helton
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Nuno Loureiro
 
Making Software Secure by Design
Making Software Secure by DesignMaking Software Secure by Design
Making Software Secure by DesignOmegapoint Academy
 
NoSQL - No Security?
NoSQL - No Security?NoSQL - No Security?
NoSQL - No Security?Gavin Holt
 

Weitere ähnliche Inhalte

Was ist angesagt?

Time-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesTime-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesChema Alonso
 
Time-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy QueriesTime-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy QueriesChema Alonso
 
Sam zhang week2demo copy
Sam zhang week2demo copySam zhang week2demo copy
Sam zhang week2demo copyChentao Zhang
 
Time-Based Blind SQL Injection
Time-Based Blind SQL InjectionTime-Based Blind SQL Injection
Time-Based Blind SQL Injectionmatt_presson
 
Query DSL In Elasticsearch
Query DSL In ElasticsearchQuery DSL In Elasticsearch
Query DSL In ElasticsearchKnoldus Inc.
 
The Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryThe Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
MRT 2018: reflecting on the past and the present with temporal graph models
MRT 2018: reflecting on the past and the present with temporal graph modelsMRT 2018: reflecting on the past and the present with temporal graph models
MRT 2018: reflecting on the past and the present with temporal graph modelsAntonio García-Domínguez
 
Security Issues in OpenStack
Security Issues in OpenStackSecurity Issues in OpenStack
Security Issues in OpenStackoldbam
 
SQL Injection Tutorial
SQL Injection TutorialSQL Injection Tutorial
SQL Injection TutorialMagno Logan
 
ReCertifying Active Directory
ReCertifying Active DirectoryReCertifying Active Directory
ReCertifying Active DirectoryWill Schroeder
 
Immutable Database. Safe Way to Migrate Large Data Stores
Immutable Database. Safe Way to Migrate Large Data StoresImmutable Database. Safe Way to Migrate Large Data Stores
Immutable Database. Safe Way to Migrate Large Data StoresYevhen Bobrov
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity FrameworksRich Helton
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Nuno Loureiro
 

Was ist angesagt? (20)

Time-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesTime-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy Queries
 
Time-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy QueriesTime-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy Queries
 
SamBO
SamBOSamBO
SamBO
 
Sam zhang week2demo copy
Sam zhang week2demo copySam zhang week2demo copy
Sam zhang week2demo copy
 
Greensql2007
Greensql2007Greensql2007
Greensql2007
 
Time-Based Blind SQL Injection
Time-Based Blind SQL InjectionTime-Based Blind SQL Injection
Time-Based Blind SQL Injection
 
Query DSL In Elasticsearch
Query DSL In ElasticsearchQuery DSL In Elasticsearch
Query DSL In Elasticsearch
 
The Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active DirectoryThe Unintended Risks of Trusting Active Directory
The Unintended Risks of Trusting Active Directory
 
MRT 2018: reflecting on the past and the present with temporal graph models
MRT 2018: reflecting on the past and the present with temporal graph modelsMRT 2018: reflecting on the past and the present with temporal graph models
MRT 2018: reflecting on the past and the present with temporal graph models
 
Security Issues in OpenStack
Security Issues in OpenStackSecurity Issues in OpenStack
Security Issues in OpenStack
 
JWTs and JOSE in a flash
JWTs and JOSE in a flashJWTs and JOSE in a flash
JWTs and JOSE in a flash
 
SQL Injection Tutorial
SQL Injection TutorialSQL Injection Tutorial
SQL Injection Tutorial
 
2nd-Order-SQLi-Josh
2nd-Order-SQLi-Josh2nd-Order-SQLi-Josh
2nd-Order-SQLi-Josh
 
ReCertifying Active Directory
ReCertifying Active DirectoryReCertifying Active Directory
ReCertifying Active Directory
 
Not so blind SQL Injection
Not so blind SQL InjectionNot so blind SQL Injection
Not so blind SQL Injection
 
Immutable Database. Safe Way to Migrate Large Data Stores
Immutable Database. Safe Way to Migrate Large Data StoresImmutable Database. Safe Way to Migrate Large Data Stores
Immutable Database. Safe Way to Migrate Large Data Stores
 
CDI 2.0 Deep Dive
CDI 2.0 Deep DiveCDI 2.0 Deep Dive
CDI 2.0 Deep Dive
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity Frameworks
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks
 

Ähnlich wie Domain Driven Security Jfokus 2016

Making Software Secure by Design
Making Software Secure by DesignMaking Software Secure by Design
Making Software Secure by DesignOmegapoint Academy
 
NoSQL - No Security?
NoSQL - No Security?NoSQL - No Security?
NoSQL - No Security?Gavin Holt
 
Prevoty NYC Java SIG 20150730
Prevoty NYC Java SIG 20150730Prevoty NYC Java SIG 20150730
Prevoty NYC Java SIG 20150730chadtindel
 
Protect Your Payloads: Modern Keying Techniques
Protect Your Payloads: Modern Keying TechniquesProtect Your Payloads: Modern Keying Techniques
Protect Your Payloads: Modern Keying TechniquesLeo Loobeek
 
NoSQL Endgame LWJUG 2021
NoSQL Endgame LWJUG 2021NoSQL Endgame LWJUG 2021
NoSQL Endgame LWJUG 2021Thodoris Bais
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...Michael Noel
 
Android Security - Common Security Pitfalls in Android Applications
Android Security - Common Security Pitfalls in Android ApplicationsAndroid Security - Common Security Pitfalls in Android Applications
Android Security - Common Security Pitfalls in Android ApplicationsBlrDroid
 
Immutable Infrastructure Security
Immutable Infrastructure SecurityImmutable Infrastructure Security
Immutable Infrastructure SecurityRicky Sanders
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Michael Noel
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real worldMadhu Akula
 
CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"Daniel Bryant
 
Code injection and green sql
Code injection and green sqlCode injection and green sql
Code injection and green sqlKaustav Sengupta
 
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...Apostolos Giannakidis
 
$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015Xavier Mertens
 
Domain Driven Security at Internetdagarna-2014
Domain Driven Security at Internetdagarna-2014Domain Driven Security at Internetdagarna-2014
Domain Driven Security at Internetdagarna-2014Dan BerghJohnsson
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacksKevin Kline
 
Drupal Security from Drupalcamp Cologne 2009
Drupal Security from Drupalcamp Cologne 2009Drupal Security from Drupalcamp Cologne 2009
Drupal Security from Drupalcamp Cologne 2009Gábor Hojtsy
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best PracticesClint Edmonson
 

Ähnlich wie Domain Driven Security Jfokus 2016 (20)

Making Software Secure by Design
Making Software Secure by DesignMaking Software Secure by Design
Making Software Secure by Design
 
NoSQL - No Security?
NoSQL - No Security?NoSQL - No Security?
NoSQL - No Security?
 
Prevoty NYC Java SIG 20150730
Prevoty NYC Java SIG 20150730Prevoty NYC Java SIG 20150730
Prevoty NYC Java SIG 20150730
 
Secure Web Coding
Secure Web CodingSecure Web Coding
Secure Web Coding
 
Protect Your Payloads: Modern Keying Techniques
Protect Your Payloads: Modern Keying TechniquesProtect Your Payloads: Modern Keying Techniques
Protect Your Payloads: Modern Keying Techniques
 
NoSQL Endgame LWJUG 2021
NoSQL Endgame LWJUG 2021NoSQL Endgame LWJUG 2021
NoSQL Endgame LWJUG 2021
 
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at...
 
Android Security - Common Security Pitfalls in Android Applications
Android Security - Common Security Pitfalls in Android ApplicationsAndroid Security - Common Security Pitfalls in Android Applications
Android Security - Common Security Pitfalls in Android Applications
 
Immutable Infrastructure Security
Immutable Infrastructure SecurityImmutable Infrastructure Security
Immutable Infrastructure Security
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real world
 
CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"
 
Code injection and green sql
Code injection and green sqlCode injection and green sql
Code injection and green sql
 
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
Unsafe Deserialization Attacks In Java and A New Approach To Protect The JVM ...
 
$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015
 
Domain Driven Security at Internetdagarna-2014
Domain Driven Security at Internetdagarna-2014Domain Driven Security at Internetdagarna-2014
Domain Driven Security at Internetdagarna-2014
 
Introduction to threat_modeling
Introduction to threat_modelingIntroduction to threat_modeling
Introduction to threat_modeling
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
 
Drupal Security from Drupalcamp Cologne 2009
Drupal Security from Drupalcamp Cologne 2009Drupal Security from Drupalcamp Cologne 2009
Drupal Security from Drupalcamp Cologne 2009
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 

Mehr von Omegapoint Academy

Domain Primitives in Action - DataTjej 2018
Domain Primitives in Action - DataTjej 2018Domain Primitives in Action - DataTjej 2018
Domain Primitives in Action - DataTjej 2018Omegapoint Academy
 
Secure by Design - Jfokus 2018 tutorial
Secure by Design - Jfokus 2018 tutorialSecure by Design - Jfokus 2018 tutorial
Secure by Design - Jfokus 2018 tutorialOmegapoint Academy
 
Domain Primitives In Action - Explore DDD 2017
Domain Primitives In Action - Explore DDD 2017Domain Primitives In Action - Explore DDD 2017
Domain Primitives In Action - Explore DDD 2017Omegapoint Academy
 
Failing Continuous Delivery, Devoxx Poland, 2015
Failing Continuous Delivery, Devoxx Poland, 2015Failing Continuous Delivery, Devoxx Poland, 2015
Failing Continuous Delivery, Devoxx Poland, 2015Omegapoint Academy
 
Studentkonferens 2015 - Alla pratar om risker, men vad är det?
Studentkonferens 2015 - Alla pratar om risker, men vad är det?Studentkonferens 2015 - Alla pratar om risker, men vad är det?
Studentkonferens 2015 - Alla pratar om risker, men vad är det?Omegapoint Academy
 
Studentkonferens 2015 1 + 1 = 1 (The Omegapoint Way)
Studentkonferens 2015 1 + 1 = 1 (The Omegapoint Way)Studentkonferens 2015 1 + 1 = 1 (The Omegapoint Way)
Studentkonferens 2015 1 + 1 = 1 (The Omegapoint Way)Omegapoint Academy
 
Studenkonferens 2015 - Craftsmanship
Studenkonferens 2015 - CraftsmanshipStudenkonferens 2015 - Craftsmanship
Studenkonferens 2015 - CraftsmanshipOmegapoint Academy
 
Agile Enterprise: frukostseminarium
Agile Enterprise: frukostseminariumAgile Enterprise: frukostseminarium
Agile Enterprise: frukostseminariumOmegapoint Academy
 

Mehr von Omegapoint Academy (9)

Domain Primitives in Action - DataTjej 2018
Domain Primitives in Action - DataTjej 2018Domain Primitives in Action - DataTjej 2018
Domain Primitives in Action - DataTjej 2018
 
Secure by Design - Jfokus 2018 tutorial
Secure by Design - Jfokus 2018 tutorialSecure by Design - Jfokus 2018 tutorial
Secure by Design - Jfokus 2018 tutorial
 
Domain Primitives In Action - Explore DDD 2017
Domain Primitives In Action - Explore DDD 2017Domain Primitives In Action - Explore DDD 2017
Domain Primitives In Action - Explore DDD 2017
 
Designing Testable Software
Designing Testable SoftwareDesigning Testable Software
Designing Testable Software
 
Failing Continuous Delivery, Devoxx Poland, 2015
Failing Continuous Delivery, Devoxx Poland, 2015Failing Continuous Delivery, Devoxx Poland, 2015
Failing Continuous Delivery, Devoxx Poland, 2015
 
Studentkonferens 2015 - Alla pratar om risker, men vad är det?
Studentkonferens 2015 - Alla pratar om risker, men vad är det?Studentkonferens 2015 - Alla pratar om risker, men vad är det?
Studentkonferens 2015 - Alla pratar om risker, men vad är det?
 
Studentkonferens 2015 1 + 1 = 1 (The Omegapoint Way)
Studentkonferens 2015 1 + 1 = 1 (The Omegapoint Way)Studentkonferens 2015 1 + 1 = 1 (The Omegapoint Way)
Studentkonferens 2015 1 + 1 = 1 (The Omegapoint Way)
 
Studenkonferens 2015 - Craftsmanship
Studenkonferens 2015 - CraftsmanshipStudenkonferens 2015 - Craftsmanship
Studenkonferens 2015 - Craftsmanship
 
Agile Enterprise: frukostseminarium
Agile Enterprise: frukostseminariumAgile Enterprise: frukostseminarium
Agile Enterprise: frukostseminarium
 

Kürzlich hochgeladen

%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfVishalKumarJha10
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburgmasabamasaba
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfkalichargn70th171
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Nitya salvi
 
%in Durban+277-882-255-28 abortion pills for sale in Durban
%in Durban+277-882-255-28 abortion pills for sale in Durban%in Durban+277-882-255-28 abortion pills for sale in Durban
%in Durban+277-882-255-28 abortion pills for sale in Durbanmasabamasaba
 
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...masabamasaba
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationSHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationShrmpro
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 

Kürzlich hochgeladen (20)

%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
 
%in Durban+277-882-255-28 abortion pills for sale in Durban
%in Durban+277-882-255-28 abortion pills for sale in Durban%in Durban+277-882-255-28 abortion pills for sale in Durban
%in Durban+277-882-255-28 abortion pills for sale in Durban
 
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationSHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions Presentation
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 

Domain Driven Security Jfokus 2016

  • 1. Arm yourself with Domain Driven Security. It’s time to slay some security trolls… @danbjson, @DanielDeogun Omegapoint Jfokus Stockholm February 2016
  • 2. About Us… Umeå Malmö Göteborg Falun New York Stockholm Daniel Deogun Security Paratrooper Dan Bergh Johnsson Secure Domain Philosopher Omegapoint
  • 3. Key Take Aways • DDSec helps one to design secure software without actively thinking about security • Treat injection flaws as a modelling problem rather than a validation problem • Context mapping is essential to avoid XSS and other 2nd order injection attacks • Micro-services will be scary as hell, unless the world gets a grip on context mapping
  • 4. Attacks From A DDD Perspective Complex Technical Complex Domain Simple Domain Simple Technical
  • 6. Technical Approach • OWASP “indata validation” • if(value < 0) -> don’t accept • Encourage separation of validation and data • Problem whack-a-mole ahead!
  • 7. Analysis á la DDD • Observation • Quantity is modelled as integer • Quantity is an implicit concept • Analysis • Modelling is incomplete or missing
  • 8. Analysis á la DDD -1 : Integer -1 : Quantity OrderLine {ISBN, Quantity}
  • 9. Quantity made explicit - a good start public final class Quantity { public final int value; public Quantity(final int value) { isTrue(value > 0, "Quantity must be greater than zero. Got: %s", value); this.value = value; } …
  • 10. Ubiqutous Domain Primitives • Library of domain primitives • Consolidates business rules • Raises the floor void buyBook(String, int) -> buyBook(ISBN, Quantity)
  • 11. Another concept made explicit public final class EmailAddress { public final String value; public EmailAddress(final String value) { isTrue( ?????????, “Not valid email. Got: %s", value); this.value = value; } …
  • 12. Email according to spec • RFC 5322 3.4 Address Specification (RFC 821, RFC 2821) • Some OK examples • root@127.0.0.1 • !#$%&'*+-/=?^_`{|}~@omegapoint.se • ”Åsa Sjölander”@omegapoint.se • Regexp : (?:(?:rn)?[ t])*(?:(?:(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[ ["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:rn)?[ t]))*"(?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?: [^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r]|.|(?:(?:r n)?[ t]))*"(?:(?:rn)?[ t])*))*@(?:(?:rn)?[ t])*(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t]) +|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)?[ t])*)(?:.(?:(?:rn)?[ t])*(?:[^()<>@,;: ".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|[([^[]r]|.)*](?:(?:rn)? [ t])*))*|(?:[^()<>@,;:".[] 000-031]+(?:(?:(?:rn)?[ t])+|Z|(?=[["()<>@,;:".[]]))|"(?:[^"r ]|.|(?:(?:rn)?[ t]))*"(?:(?:rn) /… 6424 chars
  • 13. You define Your domain • Bounded Context - bounded by what you need • Is “root@127.0.0.1” sensible to you? • Strength not by “how wide” but by “how specific” • Start simple - limit to your core cases • E.g. “daniel.deogun@omegapoint.se” • Let the model grow
  • 14. What is DDSec? “Domain Driven Security is about taking ideas from DDD and using them as tools to address security concerns, even though the tools were not originally designed specifically for security issues.” - Dan Bergh Johnsson, Dr. John Wilander [2009] http://dearjunior.blogspot.be/2009/09/introducing-domain-driven-security.html
  • 15. History of DDSec 2009 20162010 Dan Bergh Johnsson John Wilander Erland Oftedal
 @Webtonull OWASP Europe Daniel Deogun Industry PracticeDDSec Coined JavaZone Jfokus OPKoKo Devoxx DDD Europe Jfokus DDD Summit Daniel Sawano Book about DDSec
  • 16. Attacks From A DDD Perspective Complex Technical Complex Domain Simple Domain Simple Technical
  • 17. Injection Flaw “Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.” - OWASP top 10
  • 18. The Classics - Dynamic SQL String SELECT … FROM Users WHERE username = ’<?username>’ AND password = ’<?password>’ danbj catsarecute SELECT … FROM Users WHERE username = ’danbj’ AND password = ’catsarecute’ Warning! This is just an example. Do not store passwords in plain text. Do not use relational databases for user management.
  • 19. SQL Injection SELECT … FROM Users 
 WHERE username = ’<?username>’ AND password = ’<?password>’ evilhaxxOr ’OR 1=1 -- SELECT … FROM Users WHERE username = ’evilhaxxOr’ AND password = ’’OR 1=1 --’ SELECT … FROM Users 
 WHERE username = ’’OR 1=1 --’ 
 AND password = ’doesnotmatteranymore’ Warning! This is just an example. Do not store passwords in plain text. Do not use relational databases for user management.
  • 21. What’s the problem? and solution? • ‘OR 1=1 -- is not a valid username • This is implicit in the code • Needs to be made explicit • Modelling required
  • 22. Prepared Statements AKA Parametrised Queries • SQL Injection is solved by prepared statements • But what if the query structure is dynamic? • Other Injection Flaws • LDAP, Command, XPath, HTTP header …
  • 23. HTTP Response with Cookie [https://www.owasp.org/index.php/HTTP_Response_Splitting] String author = … /* request, database, user setting … */ ... Cookie cookie = new Cookie("author", author); cookie.setMaxAge(cookieExpiration); response.addCookie(cookie); HTTP/1.1 200 OK ... Set-Cookie: author=Jane Smith … <html><head><title>The real content</title> ...
  • 24. HTTP Injection Hacked ‘author’ value into database/setting … author : "Wiley HackerrnHTTP/1.1 200 OKrn..." HTTP/1.1 200 OK ... Set-Cookie: author=Wiley Hacker HTTP/1.1 200 OK … <html><head><title>Hacked content</title> … ... <html><head><title>The real content</title> ... [https://www.owasp.org/index.php/HTTP_Response_Splitting]
  • 25. RFC 2616 HTTP/1.1 Ch 4 HTTP Message HTTP-message = Request | Response ; HTTP/1.1 messages generic-message = start-line *(message-header CRLF) CRLF [ message-body ] start-line = Request-Line | Status-Line message-header = field-name ":" [ field-value ] field-name = token field-value = *( field-content | LWS ) field-content = <the OCTETs making up the field-value and consisting of either *TEXT or combinations of token, separators, and quoted-string> http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4
  • 26. DDSec to the Rescue on Injection Flaw • DDD helps one to separate data from code • Validating with respect to the model is crucial
  • 27. A Quick Note On Validation • Validation order • Origin • Length • (Lexeme, content text) • Parsing, content structure • Semantics - Dr. John Wilander
  • 28. Attacks From A DDD Perspective Complex Technical Complex Domain Simple Domain Simple Technical
  • 29. Cross Site Scripting (XSS) “XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.” - OWASP top 10
  • 33. Fix the Broken Mapping <script> <script> Text Code &lt;script&gt;
  • 37. Preventing Data Leakage
 read once object [Daniel Sawano] public final class SensitiveValue implements Externalizable { private final AtomicReference<String> value; public SensitiveValue(final String value) { this.value = new AtomicReference<>(validated(value)); } public String value() { return notNull(value.getAndSet(null), "Sensitive value has already been consumed"); } @Override public String toString() { return "SensitiveValue value = *****"; } @Override public void read / writeExternal(final ObjectOutput out) throws IOException { throw new UnsupportedOperationException("Not allowed on sensitive value"); }
  • 38. How did DDSec Help Us? • DDD gave deeper insight in nature of XSS • Context mapping allows one to “detect” possible broken maps • Modeling confidentiality protects against accidental disclosure of sensitive data
  • 39. Attacks From A DDD Perspective Complex Technical Complex Domain Simple Domain Simple Technical
  • 40. Complex Domain Attack Order Finance Storage Shipping -1 -1 -1
  • 43. Making a change with surgical precision Payment Policy Payment Confirm Reject Giro Bounce Giro Confirm Purchase Bank Insurance
  • 44. What we would have done Payment Policy Cash Payment Confirm Reject Giro Bounce Giro Confirm Purchase Bank Insurance Giro Payment
  • 45. Micro-Service Hell • We’re moving towards more and more micro-services • Implemented by separate teams • How do we guarantee correct context mappings?
  • 46. Key Take Aways • DDSec helps one to design secure software without actively thinking about security • Treat injection flaws as a modelling problem rather than a validation problem • Context mapping is essential to avoid XSS and other 2nd order injection attacks • Micro-services will be scary as hell, unless the world gets a grip on context mapping
  • 47. Current State, Future Direction • Academic research on DDSec • Two master’s thesis projects in cooperation with Royal Institute of Technology (KTH) • Cooperation with Linnaeus University, computer science dept • Industry practice • Practice every day • more needed - especially regarding how to handle micro-services • investigating DDSec as applicable to DDOS-attacks • Writing • Early stage of book by Dan Bergh Johnsson, Daniel Deogun and Daniel Sawano.
  • 50. Image References • [Questions - https://flic.kr/p/9ksxQa] by Damián Navas under license https://creativecommons.org/licenses/by-nc-nd/2.0/ • [Encyclopedia - https://www.flickr.com/photos/stewart/461099066] by Stewart Butterfield under license https://creativecommons.org/licenses/by/2.0/