Domain Driven Security
Omegapoint colleagues Dan Bergh-Johnsson and John Wilander have coined a new design method in systems development called Domain-Driven Security (domain-driven security) – a working method at the intersection of domain-driven design (DDD) and application security. On September 16th, the method was launched in separate blog posts, one in Swedish and one in English.
– Our interest was piqued when Dan gave a talk about DDD and I commented on its support for input validation, says John Wilander.
What does Domain Driven Security actually mean? According to John and Dan, it means that input validation should be done in the value objects, relatively deep within the application. The problems, or challenges, are keeping the input logic simple until the validation of the domain objects and keeping the domain model and database model in sync.
Read more on John Wilander's OWASP blog:
http://owaspsweden.blogspot.com/2009/09/domandriven-sakerhet-domain-driven.html
and Dan Bergh-Johnsson's Dear Junior blog:
http://dearjunior.blogspot.com/2009/09/introducing-domain-driven-security.html
For more information, contact
John Wilander
john.wilander@omegapoint.se
Omegapoint AB
Mobile +46 768 93 88 17
www.omegapoint.se
Dan Bergh-Johnsson
dan.bergh.johnsson@omegapoint.se
Omegapoint AB
Mobile +46 709 15 88 43
www.omegapoint.se
Latest articles
Insights
Latest articles
How to quantum secure your business
Speaking of Glasswing: responsible, but not enough
