Software Engineering Radio - the podcast for professional software developers

SE Radio 684: Dan Bergh Johnsson and Daniel Deogun on Secure By Design

Sep 4, 2025
Join Dan Bergh Johnsson, a Partner at Omega Point and co-author of 'Secure by Design', alongside Daniel Deogun, Chief Academy Officer at Omega Point, as they dive into the crucial intersection of software design and security. They discuss how developers can incorporate security into their workflow without becoming experts. Topics include leveraging domain-driven design to enhance communication, the importance of clear input validation, and the need for a collaborative security culture. Get insights that reshape the approach to developing secure software!
ADVICE

Model Domain-Specific Types

  • Define a ubiquitous domain language and precise models rather than reusing generic primitives.
  • Use specific types (domain primitives) to restrict inputs and reduce injection and logic errors.
ANECDOTE

Negative Quantity Led To Free Discount

  • Teams used plain integers for quantity and allowed negatives, enabling discount exploits in production.
  • Developers repeatedly encounter similar bugs from using language primitives instead of domain primitives.
ADVICE

Order Your Input Validation

  • Validate inputs in ascending cost order: origin, size, characters, structure, then semantics.
  • Reject bad inputs early to make attacks expensive and server checks cheap.
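
The ordering above, applied to the order-quantity field from the anecdote, as an added example that is not from the episode or the book. The origin name, length limit and quantity ceiling are assumptions, and Quantity, Rejected, parse_quantity and first_failure are hypothetical names.

```python
import re
from dataclasses import dataclass

# Assumed values for illustration; a real system takes these from its domain model.
TRUSTED_ORIGINS = {"checkout-service"}   # callers allowed to submit order lines
MAX_LEN = 4                              # longest raw field worth looking at
DIGITS = re.compile(r"[0-9]+")           # ASCII digits only: no sign, no Unicode digits
MAX_QUANTITY = 500                       # business limit per order line


class Rejected(ValueError):
    """Carries the name of the first check that failed."""


@dataclass(frozen=True)
class Quantity:
    """Domain primitive: an instance can only ever hold a valid order quantity."""
    value: int

    def __post_init__(self):
        # Invariant enforced at construction, so no caller can hold Quantity(-1).
        if not isinstance(self.value, int) or not 1 <= self.value <= MAX_QUANTITY:
            raise Rejected("semantics")


def parse_quantity(origin: str, raw: str) -> Quantity:
    """Run the checks cheapest first; stop at the first failure."""
    if origin not in TRUSTED_ORIGINS:            # 1. origin: set lookup
        raise Rejected("origin")
    if not 0 < len(raw) <= MAX_LEN:              # 2. size: no scan of the content
        raise Rejected("size")
    if not DIGITS.fullmatch(raw):                # 3. characters: "-1" stops here
        raise Rejected("characters")
    if len(raw) > 1 and raw[0] == "0":           # 4. structure: no leading zeros
        raise Rejected("structure")
    return Quantity(int(raw))                    # 5. semantics: domain invariant


def first_failure(origin: str, raw: str):
    """Return the name of the check that rejected the input, or None if accepted."""
    try:
        parse_quantity(origin, raw)
    except Rejected as exc:
        return str(exc)
    return None
```

An oversized payload is turned away by the length comparison before any regex or integer parsing runs, and a negative number never reaches the pricing logic because no Quantity object can represent it.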