JavaZone 2011 - Domain Driven Security Code Kata
Since 2004, Injection Flaws and Cross-Site Scripting (XSS) have topped the OWASP Top Ten list of the most harmful vulnerabilities. Time to do something about it. In this code kata we address both Injection Flaws and XSS by applying techniques from Domain Driven Design, hence Domain Driven Security. Specifically, we use DDD context mapping to understand what the problem really is, and DDD value objects to shape our module APIs so that these vulnerabilities go away: the value objects enforce indata validation and outdata encoding in a way that feels natural to developers.
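As an added illustration of the value-object approach the abstract describes (this is not code from the kata, the speaker, or Omegapoint), here is one way to make indata validation and outdata encoding part of the type signatures; it assumes a hypothetical ProductId format of 8 to 12 digits and uses a small hand-written HTML encoder where a library encoder would normally be used.

```java
import java.util.Objects;
import java.util.regex.Pattern;

public class DomainDrivenSecurityExample {
    // Indata: a value object whose constructor is the only way in. The whitelist
    // (hypothetical format: 8 to 12 digits) is a domain rule, and because a repository
    // method takes ProductId rather than String, a raw request string never reaches SQL.
    static final class ProductId {
        private static final Pattern FORMAT = Pattern.compile("[0-9]{8,12}");
        private final String value;
        ProductId(String raw) {
            Objects.requireNonNull(raw, "product id is required");
            if (!FORMAT.matcher(raw).matches()) {
                // Do not echo the rejected input: it is untrusted and may end up in logs.
                throw new IllegalArgumentException("input is not a valid product id");
            }
            this.value = raw;
        }
        String value() { return value; }
    }

    // Outdata: a value object whose instances are HTML-encoded at construction. A view
    // method declared as render(HtmlText) cannot be handed an un-encoded String by mistake.
    static final class HtmlText {
        private final String encoded;
        private HtmlText(String encoded) { this.encoded = encoded; }
        static HtmlText fromUntrusted(String text) {
            StringBuilder sb = new StringBuilder(text.length());
            for (char c : text.toCharArray()) {
                switch (c) {
                    case '<': sb.append("&lt;"); break;
                    case '>': sb.append("&gt;"); break;
                    case '&': sb.append("&amp;"); break;
                    case '"': sb.append("&quot;"); break;
                    case '\'': sb.append("&#39;"); break;
                    default: sb.append(c);
                }
            }
            return new HtmlText(sb.toString());
        }
        @Override public String toString() { return encoded; }
    }

    public static void main(String[] args) {
        ProductId id = new ProductId("123456789");               // accepted: matches the format
        HtmlText title = HtmlText.fromUntrusted("<b>Kata</b>");  // stored as &lt;b&gt;Kata&lt;/b&gt;
        System.out.println(id.value() + " " + title);
        try {
            new ProductId("1' OR '1'='1");                       // constructed injection-shaped input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected at the boundary: " + e.getMessage());
        }
    }
}
```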
Dan Bergh Johnsson
Programmer at heart through 10+ years of post-university professional system development. Agile aficionado since signing the Agile Manifesto as signee #94 in 2001. Domain Driven Design enthusiast since 2004, when he found Eric Evans' ideas well aligned with his own ideas about development. Nowadays working as mentor, coach, and architect, insisting on code as the most central artifact.
Partner of and official spokesperson for Omegapoint on architecture and development methodology.
Co-author of "97 Things Every Programmer Should Know", he shares his ideas in the blogosphere through his letters to a junior programmer under the title "Dear Junior".
