Change search
ReferencesLink to record
Permanent link

Direct link
Domain-Driven Security: Injection & Cross-site scripting
KTH, School of Computer Science and Communication (CSC).
2016 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesisAlternative title
Domändriven säkerhet : Injection & Cross-site scripting (Swedish)
Abstract [en]

Many web applications are vulnerable to Injection and Cross-site scripting. These attacks are often focused on infrastructural parts of the application. This thesis investigates if Domain-Driven Design can unify existing technical protection mechanisms as well as provide protection for attacks aimed at the business logic of an application.

The performance of data validation and transformation performed with components from Domain-Driven Design is evaluated. The evaluation is performed by exposing an E-commerce application to dangerous injection and cross-site scripting strings.

The data validation was found to be accurate and flexible and context mapping aided the understanding of correct data treatment depending on where in the application it is located or travelling to.  

Place, publisher, year, edition, pages
2016. , 39 p.
Keyword [en]
Domain-Driven Security, Domain-Driven Design, DDS, DDD, Injection, Cross-site scripting, XSS, Security, Computer security
National Category
Computer Systems
URN: urn:nbn:se:kth:diva-189326OAI: diva2:945707
Subject / course
Computer Science
Educational program
Master of Science in Engineering - Computer Science and Technology
2016-06-14, 4523, Lindstedtsvägen 1, Stockholm, 11:30 (Swedish)
Available from: 2016-07-04 Created: 2016-07-02 Last updated: 2016-07-04Bibliographically approved

Open Access in DiVA

Domain-DrivenSecurity(1473 kB)31 downloads
File information
File name FULLTEXT01.pdfFile size 1473 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Stendahl, Jonas
By organisation
School of Computer Science and Communication (CSC)
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 31 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 81 hits
ReferencesLink to record
Permanent link

Direct link