In episode 68 of the We Hack Purple Podcast, host Tanya Janca dives into Domain Driven Design (and development) with Gagandeep Singh. Gagandeep is an avid blogger, and Tanya read his article on DDD and just had to interview him. We discussed whether domain driven design and domain driven development are the same thing (they aren't!), the security advantages of DDD, and how Trusted Types and the Content Security Policy header come into play. We discussed the concept of having the security of a feature be part of the design and the feature itself, and the huge security advantages we can expect to see. To hear more, you need to see the episode!
Gagandeep’s Bio:
Gagandeep Juneja is an experienced Information Security professional working in the Information Technology and Services industry. He works in the Application Security domain: security assessment, threat modeling, architecture review, DevSecOps and guidelines for security technologies to develop effective secure solutions. In his opinion, focusing on securing code will result in fewer vulnerabilities in the solution. Domain Driven Design sets the bar higher for software development, providing an efficient way of designing and developing a more secure IT solution.
His blog: https://securityintelligence.com/posts/secure-coding-domain-driven-design/
Very special thanks to our sponsor: The Diana Initiative!
A conference committed to helping all those underrepresented in Information Security. Monday, August 7, 2023, in person at The Westin Las Vegas Hotel & Spa.
Join We Hack Purple!
We have new courses in the We Hack Purple Academy! Join us in the We Hack Purple Community, a fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcasts, Overcast, Pod, Amazon Music, Spotify, and more!
Welcome to the We Hack Purple Podcast, where each episode we meet a new person who works in information security, but ideally someone who helps to secure software as part of their work. This episode is sponsored by the Diana Initiative. They are an amazing conference that focuses on getting people from underrepresented groups to start working in information security. We want more of you, and that means every single person, to join our field, and this is what they do with their conference, which is August 7th in Las Vegas, Nevada, United States, also known as Vegas, and it happens just before DEF CON and Black Hat. So if you're going down there anyway, you could go one day early and attend this amazing, amazing, amazing event. But you're not here to hear about our sponsor, usually; you're here to hear about our guests, and our guest this week is Gagandeep Singh, and he's awesome. So I was reading his stuff and reading his blog on the internet, and I thought, okay, so maybe if I invite him on the show he'll say yes; the worst he could do is say no. And I asked him, and he said yes. Will you tell our audience a little bit more about you?
Yeah, thanks Tanya for having me and sharing my experience here. About me: this is Gagandeep, and I have 11 years of IT experience. I started working as a developer, and very soon in my career I realized the importance of writing secure code and building secure products, so I started practicing writing secure code, and from there my interest in security grew. I do security testing as my key skill, and I did perform vulnerability assessments, code review, pen tests and offensive security at different stages of my career. Now I am working more on the defensive side and the application security side, so I perform threat modeling, design review and DevSecOps, and help developers with their security needs.
The main reason that I was like, I have to talk to him, was: so I am writing my next book, which is called Alice and Bob Learn Secure Coding, and there is a section where I wanted to talk about domain driven development and how... so it's sort of like a fancier, newer, more organized way to write software, and it has all these awesome security benefits. So then when I was looking up all of the stuff I just kept finding you, so I felt like you had a blog post that, to me, explained it in the most clear way. You went over a lot of the reasons why it's good, and so I was hoping, can we talk? First of all, could you just give sort of an overview of what the heck is design driven development?
uh I would like to share uh that when a
software is built the teams mostly focus
on just to make things work and uh that
is the main goal of uh the development
teams and When developing a product the
quality assurance uh time to Market and
cost is the more driving principle and
when security vulnerabilities are
identified so we follow more reactive
approach in uh in remediating them but
with domain driven design the bar is
little bit higher uh with regards to
most software development and domain
driven design does not just focus on uh
how the system should work but having a
deeper understanding of what we are
building
and there is a significant emphasis on
understanding the problem domain and
what we are building rather than just
focusing on the solutions
and with domain driven design we take
active decisions uh throughout the
different phases of the development life
cycle and eventually the focus is on the
design which is uh zeroed down to from
the code to the architecture level so
that the end solution is more secure
What I liked about it, when I was... so I had put on the internet, like, I'm thinking of covering these things, and someone said you should cover domain-driven design and development, and I was like, oh, I actually hadn't heard of this before. And then when I was reading about it, the idea of, you know, naming things and organizing things based on what the product is about, so let's say it builds cars, like having the car object or whatever and all the things inside of it. The idea is to make it really readable and easily understandable, and I feel from a security perspective sometimes we come in and we look at an app and we're like, what's this thing supposed to do, oh my gosh. And with domain driven design it makes so much more sense, like right out of the box, from the first time you look at it, it's like, oh, this does this and this does that. Thanks, guys. So in your blog article, and we've discussed, just what are some of the security advantages that might happen?
For domain driven design, and understanding the security advantages, I will take a step back and highlight the issues which we are facing right now in our traditional approach. So when the developers are asked to build the product and there is a security vulnerability, during development they have to have explicit knowledge about security vulnerabilities, and their focus is on vulnerabilities rather than solving the business problem and building the business functionality. With that, developers need to have good knowledge about security, and we consider them to be a security expert also, along with a developer. With domain driven design, where the organizations are now focusing more is, with the shift left approach, we can incorporate security as early in the development life cycle as possible, which will make the development life cycle more effortless, and security is integrated into it.
So to explain the advantages I will use an example. For example, we have a simple application which we are using for uploading images, and so for that application we will need a login page, and the login page eventually becomes a feature of the application. But as an end user I would like my images on the application to be more confidential, and not going into unauthorized hands, so I want my images to be more confidential. So eventually security is the concern of a user, so eventually it becomes a security concern with domain driven design, not just a feature. So eventually, even when we are building an application, we should not just focus on security features; we should take security as a concern of an end user, like in this case confidentiality, and a login page, a login mechanism, gives confidentiality in an application. And understanding that concern, security concerns, we will say that the CIA is the main concern of security basically, so the four pillars of domain driven design are confidentiality, integrity, availability and traceability. Those things are eventually integrated into the life cycle, and when the user stories are defined on those principles, this will eventually lead to fewer security vulnerabilities and have a positive impact in the development life cycle.
Yeah. I feel like having security be a part of the feature itself, like built in from the beginning rather than being added on later, that sounds great. I remember you were saying, so for instance if we have a file upload feature, we would want to create a secure file upload feature, and security is outlined in what the feature does, like it's part of the description of what will be performed. So it's not we're doing a file upload and we're smashing a security control on top of it; it's that the feature that we are offering to our users is to securely upload files, and this is how we accomplish that whole thing, and a bunch of the things in it are security. Does that make sense?
Yes, yes. Eventually, if we are building a good design and taking all the things into consideration, then this becomes a natural process rather than, I would say, an interest of that, and we need an expert for it. Defining the user stories in a more structured way will eventually have natural benefits to the development life cycle, so yeah.
Okay, so one of the things when I was reading up on domain driven development was apes, and so I went to go see a talk in September of 2020, no, 2022, in Vienna at this conference called Sec4Dev, and there was this guy who gave a talk, his name's Michael Copeland, and he talked about, so, content security policy headers growing and growing and growing; it does more and more stuff. And so there was a guy named Lucas that works at Google and he talked about that, but then Michael talked about specifically part of it with trusted types. It is a way that we could enforce the domain-driven development. So you implement a CSP and one of the things you would say is, these are specific trusted types and you can only use these types. So instead of having, let's say, you know, you have an object and it collects an email address, but it's not a validated email address, it's just something we got from the user, we don't know if this is good or not, and then rather than us running it through a validation function of some sort, we pass it to another object that's called validated email address, and then what it does is it validates it, and then it returns either the email address or null, because it's not validated, right, and it throws an error and it says to the original email address thing, hey, go out and get that email address again because it's no good. And so from then on, in all the rest of your application, you just access the validated email address. And so this solves the problem of, I'm sure you've seen this before, where a developer takes something from the user, and there is a validation feature somewhere in the app, but sometimes they use it first to make a business decision. They take the user input from the user and make a business decision before they validated it, or they forgot to do the input validation, like just this one time, and then it gets used somewhere to make a business decision, like, you know, something we should send to the SQL server or something like that, and then disaster ensues. So with domain-driven development, if we're planning these domains and we're using trusted types, CSP can say, you know, we don't use the email address, we only use the validated email address type from now on, and so that means you can't put that to the screen or you can't do these other things with it, and CSP helps. So while you're coding it may seem annoying, where it's like, you can't use that, and I'm like, why? It's like, because it's the email address, not the validated email address, Tanya, that's why you're supposed to use them. Like, oh, CSP, you're right. And so that was one of the ways that was suggested that we would be able to kind of force some of the domain-driven development, because the idea of domain driven development is awesome but enforcing it seems like it can be complex. Did you want to add any other things on that?
Yes, I would like to add one more feature, a key principle of domain driven design: failing fast. As you were saying about validating the email address, so when a user input is ingested into an application, based on the user input we validate it, like based on what the design, the contract of the design, says, and if the email address for example is invalid, that request, before it is processed by the method, is discarded. So it eventually helps in sanitizing the input, and only correctly structured input is ingested into the application. So yeah, this is one of the key principles of domain driven design. And apart from that, I would say validation is always a very critical aspect of all the applications, and if the user input is not validated properly it can lead to various types of attacks like cross-site scripting or code injection, and it's an attacker's playground to exploit, to the level of extent they want to go. And I would say that when interacting with developers, validation is not properly understood, and with domain driven design, with this particular concept, we can define at various stages where we can validate a user input, and ideally there are five stages we can validate a user input in, to ensure that no malicious input is ingested into the application. So the first one is to check the origin from where the data is coming, then the size of the user input, then the lexical content of the user input, and we can do it through regex or other ways, other open source libraries for it, then the syntax which is there in the user input, and eventually the semantics of the user input, to ensure that all the user input makes sense for an application to process. So if we implement validation at these levels, then I would say a very high number, I would say 90 percent, of security issues are resolved if we are validating user input properly.
Literally, that was the exact question I was going to ask you: how many security problems would just be eliminated if we all did perfect input validation? Yes, yes. So if everyone could just listen to what he said, especially every software developer on the planet, just follow his advice, I'd appreciate it, because seriously, you and I, we wouldn't need jobs, or we would need to get other jobs, because everything would be... no, it might be so much better. If input validation and proper hardening and keeping up with patches, the world would be a very secure place. Okay, so true, and I think domain driven development... and actually I have one more question. I mean, I have a thousand questions, but I want to respect your time.
So, domain driven design and domain driven development, are those kind of the same thing, or are they sort of different?

Basically, the design, I would say, I will explain it in terms of SDLC. So before we actually develop anything we design it, and the terms are, I would say, one and the same thing, and it is used at different stages. So when we are designing a solution, then what we mean is to model, basically, an application and a problem statement, where, I would say, modeling requires collaboration between domain and software practitioners, where the requirements are being fetched and understood and then written into user stories. And once we understand what we need to build, then we design our solution, and eventually that leads to development. So having a strong design will make sure that the development is more secure and well understood by the developers when they are writing code. So I would say there is a definite mapping between them, and they go in sync together.
Okay, so I'm going to ask a super sensitive question. So when I was a software developer, I was never handed a good design doc. They'd be like, it's going to do this stuff, good luck Janca. I never got, like, you know, this is the domain it's in, these are the objects we want, this is that. I never ever received something like that when I was a developer. Is this something that's in wide practice? Is this something that organizations could implement? Like, how could we take advantage of this cool methodology?
Yes, I would say that this is a very advanced principle, and if we follow and if we understand domain driven design, then developing a very complex solution will eventually become very easy for us to implement. And so for that we have to understand the building blocks of domain driven design, and I will go over them at a high level. The building blocks: so the first is entities. So what are entities? Entities are, I would say, a primary key or a key identity of an individual or a product which is consistent throughout the entire life cycle, and we should emphasize that once we are defining an entity it should be always consistent and well coordinated throughout the life cycle, which will make sure that we can control the behavior of an object in an application, and then it will help us in resolving a lot of security issues later in the phases.
Oh, sorry, please. Yeah, sorry, sorry. I feel like if we could hand to a software developer or a team of software developers an entire design modeled upon this methodology, I feel like it would be a dream as a dev. It's like, oh, I know, I just feel like, so right, I got this. Have you ever had a chance to work with this where you got to get feedback from the developers as to if they liked having this level of guidance?
I would say that I have not so far been able to pitch this idea for most of our customers, because it is still relatively new for people to understand and start implementing. But it is, I would say, a very powerful principle, and through this I would like people to be aware and adopt this new methodology, in which we can eventually build more secure products, and reading through code will make sense for the people in the longer run, and the maintainability of our solution will be very beneficial for us.

No, I agree completely. I mean, like, when I was a software developer the design doc would be like... The idea of being passed something that's so organized and just being able to look over it, because I remember being a dev and talking about the things and saying, like, yo, this won't work because of this, or this can work because of that, and offering feedback on designs, but actually getting one that was good and getting to work with it, I think it might speed up the entire development process because they have clear guidance for the first time. And from a security perspective, being able to just look at the design and having literally the words explain what it does, that sounds fantastic.
Okay, so we are coming to the end of our time, and so I'm going to ask the thing I always ask: if people want more of you, where could they perhaps follow you on social media, or maybe you might have a blog that they might want to read?
Yes, I have a blog, which we can share with this platform, and people who are interested in understanding and diving in deep with me, I will be very happy to collaborate with them. And I'm active on LinkedIn, and I can share the link with you and will be happy to connect with people who have similar interests.
That would be awesome. So if you are listening or watching: if you're watching, you're on YouTube, you just go down the page and there will be links to all of the things that we talked about, so that you can follow him and you can read his blog. If you are listening, it's audio only, chances are you're on a podcast episode; if you go to the show notes you should be able to see this link, but some of the podcast platforms don't allow that, so for you folks I would say that you should cruise on over to wehackpurple.com, podcast, and then you will see this gentleman's face and hear his voice and go to his page. So this, I believe, is going to be number 68, podcast episode 68, and so if you scroll down we have a whole bunch and you will find this one, and it will say design driven development. I want to thank our sponsor one more time, the Diana Initiative. This is a conference that is focused specifically on helping people from underrepresented groups get into information security, so working in our field. Their event is held August 7th in Las Vegas in the United States. It's gonna be hot there, it's going to be very warm. Their tickets are super reasonably priced compared to basically everything else that ever happens in Las Vegas. There's going to be tons of friendly faces, including mine. We Hack Purple is a proud sponsor of the Diana Initiative and I'm looking forward to seeing lots of you there. But now that I've thanked my sponsor, I want to say thank you to my guest. I really appreciate you being on our podcast, and I know that it's not like you do 100 podcasts all the time, so I appreciate you taking a chance on We Hack Purple.
Yep, thanks Tanya for having me and giving me the opportunity to express this. Awesome, okay, bye everyone.