Domain-Driven Security: Injection & Cross-site scripting
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesisAlternative title
Domändriven säkerhet : Injection & Cross-site scripting (Swedish)
Many web applications are vulnerable to Injection and Cross-site scripting. These attacks are often focused on infrastructural parts of the application. This thesis investigates if Domain-Driven Design can unify existing technical protection mechanisms as well as provide protection for attacks aimed at the business logic of an application.
The performance of data validation and transformation performed with components from Domain-Driven Design is evaluated. The evaluation is performed by exposing an E-commerce application to dangerous injection and cross-site scripting strings.
The data validation was found to be accurate and flexible and context mapping aided the understanding of correct data treatment depending on where in the application it is located or travelling to.
Place, publisher, year, edition, pages
2016. , 39 p.
Domain-Driven Security, Domain-Driven Design, DDS, DDD, Injection, Cross-site scripting, XSS, Security, Computer security
IdentifiersURN: urn:nbn:se:kth:diva-189326OAI: oai:DiVA.org:kth-189326DiVA: diva2:945707
Subject / course
Master of Science in Engineering - Computer Science and Technology
2016-06-14, 4523, Lindstedtsvägen 1, Stockholm, 11:30 (Swedish)
Engwall, Olov, Professor
Jensfelt, Patric, Professor