Since 2004, Injection Flaws and Cross-Site Scripting (XSS) have topped the OWASP Top Ten of most harmful vulnerabilities. Time to do something about it. In this code kata we address both Injection Flaws and XSS by applying techniques from Domain Driven Design, hence Domain Driven Security. Specifically, we use DDD context mapping to understand what the problem really is, and DDD value objects to shape our module APIs so that these vulnerabilities go away: the APIs enforce validation of incoming data and encoding of outgoing data in a way that feels natural for developers.
Video Producer: JavaZone Conference
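
The value-object idea from the abstract, sketched as an added example (not code from the talk or from JavaZone). `CustomerName`, `HtmlText`, `greeting` and the name rule are hypothetical, chosen only for illustration.

```java
import java.util.regex.Pattern;

public class DomainDrivenSecurityExample {

    /** Input side: a hypothetical CustomerName value object that cannot hold invalid data. */
    static final class CustomerName {
        // Assumed domain rule: 1-40 chars, a letter first, then letters, spaces, ' or -.
        private static final Pattern VALID = Pattern.compile("\\p{L}[\\p{L} '\\-]{0,39}");
        private final String value;

        CustomerName(String raw) {
            if (raw == null || !VALID.matcher(raw).matches()) {
                throw new IllegalArgumentException("not a valid customer name");
            }
            this.value = raw;
        }

        String value() { return value; }
    }

    /** Output side: text that is already encoded for the HTML element-content context. */
    static final class HtmlText {
        private final String encoded;

        private HtmlText(String encoded) { this.encoded = encoded; }

        static HtmlText encode(String raw) {
            // '&' must be replaced first so later entities are not double-encoded.
            return new HtmlText(raw.replace("&", "&amp;").replace("<", "&lt;")
                    .replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#x27;"));
        }

        @Override public String toString() { return encoded; }
    }

    // The module API takes and returns domain types only; a raw String does not compile here.
    static HtmlText greeting(CustomerName name) {
        return HtmlText.encode("Hello, " + name.value() + "!");
    }

    public static void main(String[] args) {
        // A legal name containing an apostrophe still gets encoded on the way out.
        System.out.println(greeting(new CustomerName("Anne O'Neil")));
        try {
            new CustomerName("<script>alert(1)</script>"); // constructed hostile input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Validation alone is not enough here: the apostrophe is valid in the domain, so the output type still has to encode it for the HTML context.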