Domain-Driven Security: Injection & Cross-site scripting
KTH, School of Computer Science and Communication (CSC).
2016 (English)
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Alternative title
Domändriven säkerhet : Injection & Cross-site scripting (Swedish)
Abstract [en]

Many web applications are vulnerable to Injection and Cross-site scripting. These attacks are often focused on infrastructural parts of the application. This thesis investigates whether Domain-Driven Design can unify existing technical protection mechanisms as well as provide protection against attacks aimed at the business logic of an application.

The performance of data validation and transformation implemented with components from Domain-Driven Design is evaluated. The evaluation is performed by exposing an E-commerce application to dangerous injection and cross-site scripting strings.

The data validation was found to be accurate and flexible, and context mapping aided the understanding of correct data treatment depending on where in the application the data is located or where it is travelling to.

Place, publisher, year, edition, pages
2016. 39 p.
Keyword [en]
Domain-Driven Security, Domain-Driven Design, DDS, DDD, Injection, Cross-site scripting, XSS, Security, Computer security
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:kth:diva-189326
OAI: oai:DiVA.org:kth-189326
DiVA: diva2:945707
Subject / course
Computer Science
Educational program
Master of Science in Engineering - Computer Science and Technology
Presentation
2016-06-14, 4523, Lindstedtsvägen 1, Stockholm, 11:30 (Swedish)
Supervisors
Examiners
Available from: 2016-07-04 Created: 2016-07-02 Last updated: 2016-07-04 Bibliographically approved

Open Access in DiVA

Domain-DrivenSecurity (1473 kB), 167 downloads
File information
File name: FULLTEXT01.pdf
File size: 1473 kB
Checksum (SHA-512): e700b053e683a027626ca714e00f96d96f3c2a5dab12a6e2d9b93d78b9debb55679bc224a14d4860eb1828a5bc7d8c81a836be2ae835854b72462019a71a2f67
Type: fulltext
Mimetype: application/pdf
