Secure Coding Patterns - GOTO Conference
Secure Coding Patterns
Andreas Hallberg, TrueSec
Trust
Domain-Driven Security
The Untrusted Pattern
The Inverse Life Coach Pattern
Immutability
Trust
The foundation of software security
1. Hello! I’m Businessman Bob!
2. Hello! I’m the bank!
3. Transfer X euro from account Y to account Z, please!
4. Ok!
1. Hello! I’m Businessman Bob!
2. Hello! I’m the bank!
What might go wrong?
1. Hello! I’m Businessman Bob!
2. Hello! I’m the bank!
How can the bank be sure that Bob is Bob?
How can Bob be sure that the bank is the bank?
3. Transfer X euro from account Y to account Z, please!
4. Ok!
1. Hello! I’m Businessman Bob!
2. Hello! I’m the bank!
Do we know that Bob owns account Y?
3. Transfer X euro from account Y to account Z, please!
4. Ok!
1. Hello! I’m Businessman Bob!
2. Hello! I’m the bank!
Do we know that account Y holds X euro?
3. Transfer X euro from account Y to account Z, please!
4. Ok!
1. Hello! I’m Businessman Bob!
2. Hello! I’m the bank!
Do we even know that X is a number?
3. Transfer X euro from account Y to account Z, please!
4. Ok!
[Diagram: a trust boundary around "Your application"; labelled data sources: the user, 3rd party services, database, HTTP/S request data, etc.]
TRUSTED
UNTRUSTED
[Diagram: Untrusted → Validation → Rejected or Trusted]
Validation and friends
• Validation
  • Making sure data is valid in the domain
  • Example: I can’t transfer amount “a” or -1
• Canonicalization and/or normalization
  • Must happen *before* validation!
  • Example: c:\public\fileupload\..\..\secrets\keys => c:\secrets\keys
• Sanitization
  • Clean up dangerous/unknown data
  • Example: log injection
Validation, cont.
• Always prefer whitelisting over blacklisting
  • It’s easier to figure out what’s valid than what’s not valid
• Strict validation finds bugs early!
Ask yourself...
What is the largest acceptable range for this parameter?
Don’t accept any more than that!
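
An added example (not from the talk) of the steps above in Java: canonicalize a path before validating it, whitelist and range-check an amount, and neutralize line breaks before logging. The upload root, the 1,000,000 limit, the method names and all inputs are assumptions constructed for the illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

public class BoundaryChecks {
    // Assumed upload root (the slide uses c:\public\fileupload).
    static final Path UPLOAD_ROOT =
            Paths.get("/public/fileupload").toAbsolutePath().normalize();

    // Whitelist: 1 to 7 ASCII digits. No sign, no whitespace, no letters.
    static final Pattern AMOUNT = Pattern.compile("[0-9]{1,7}");
    static final int MAX_AMOUNT = 1_000_000; // assumed largest acceptable value

    // Wrong order: validates the raw string, so "../" segments slip through
    // as long as the prefix looks right.
    static boolean naiveIsInsideUploadRoot(String untrustedPath) {
        return untrustedPath.startsWith("/public/fileupload/");
    }

    // Right order: canonicalize first, then validate the canonical form.
    // normalize() is purely lexical; it does not resolve symbolic links.
    static Path resolveUpload(String untrustedName) {
        Path candidate = UPLOAD_ROOT.resolve(untrustedName).normalize();
        if (!candidate.startsWith(UPLOAD_ROOT) || candidate.equals(UPLOAD_ROOT)) {
            throw new IllegalArgumentException("Path escapes upload root");
        }
        return candidate;
    }

    // Validation: the value must be a plain number and inside the allowed range.
    static int parseAmount(String untrusted) {
        if (untrusted == null || !AMOUNT.matcher(untrusted).matches()) {
            throw new IllegalArgumentException("Amount is not a plain number");
        }
        int amount = Integer.parseInt(untrusted); // at most 7 digits, cannot overflow
        if (amount < 1 || amount > MAX_AMOUNT) {
            throw new IllegalArgumentException("Amount out of range");
        }
        return amount;
    }

    // Sanitization: make CR/LF visible and drop other control characters so
    // untrusted text cannot start a forged log entry on a new line.
    static String sanitizeForLog(String untrusted) {
        StringBuilder sb = new StringBuilder();
        for (char c : untrusted.toCharArray()) {
            if (c == '\r') sb.append("\\r");
            else if (c == '\n') sb.append("\\n");
            else if (Character.isISOControl(c)) sb.append('?');
            else sb.append(c);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs modelled on the slide's examples.
        String traversal = "/public/fileupload/../../secrets/keys";
        System.out.println("naive check accepts traversal: "
                + naiveIsInsideUploadRoot(traversal));

        for (String name : new String[] {"report.pdf", "../../secrets/keys", "/secrets/keys"}) {
            try {
                System.out.println("accepted: " + resolveUpload(name));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + name + " (" + e.getMessage() + ")");
            }
        }

        for (String raw : new String[] {"250", "a", "-1", "0", "99999999"}) {
            try {
                System.out.println("amount ok: " + parseAmount(raw));
            } catch (IllegalArgumentException e) {
                System.out.println("amount rejected: " + raw + " (" + e.getMessage() + ")");
            }
        }

        String forged = "bob\n2015-11-04 INFO login ok user=admin";
        System.out.println("LOGIN FAILED user=" + sanitizeForLog(forged));
    }
}
```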
Trust
Domain-Driven Security
Use the type system and your domain objects
1. Hello! This is Bob again!
2. Hello Bob! I’m still the bank!
3. Transfer -1000 euro from account Y to account Z, please!
4. Ok!
The same validation has to be performed over and over
• Easy to forget to validate somewhere
• Validation ends up everywhere in the code, but (because of this?) is easily forgotten
• Should validate even from “internal” sources such as databases
  • Example: stored XSS
[Diagram: the trust boundary figure (your application; the user, 3rd party services, database, HTTP/S request data, etc.) with the labels String, String, Integer, Integer, Validation, Validation]
Domain-Driven Security
• Primitive types and data structures are untrusted by default
  • Strings, integers, byte arrays, collections etc.
• Domain objects
  • Built-in validation
• (Immutability – more on this later!)
[Diagram: the trust boundary figure (your application; the user, 3rd party services, database, HTTP/S request data, etc.) with the labels String, Integer, Account, Amount]
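    public final class AccountNumber {
        private final String value;

        public AccountNumber(String value) {
            // Validation is built into the domain object: an invalid instance cannot exist.
            if (!isValid(value)) {
                throw new IllegalArgumentException("Invalid account number");
            }
            this.value = value;
        }

        public static boolean isValid(String accountNumber) {
            return accountNumber != null && hasLength(accountNumber, 10, 12) && isNumeric(accountNumber);
        }

        // Helpers not shown on the slide; minimal versions so the class compiles.
        private static boolean hasLength(String s, int min, int max) {
            return s.length() >= min && s.length() <= max;
        }
        private static boolean isNumeric(String s) {
            return s.chars().allMatch(c -> c >= '0' && c <= '9'); // ASCII digits only
        }
    }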
[Diagram: Webservice; SOAP (int, string, byte[], ...); User; Account]
[Diagram: SOAP (int, string, byte[], ...); Exception!; User; Account; Webservice]
    public void Reticulate(Spline spline, int angle);
WTF ??
    public void Reticulate(Spline spline, Angle angle);
Domain Driven Security essentials
• The type system ensures that the correct domain object must be used
• You know that all domain objects are valid
• Remember: you still need to validate your business rules! But at least you don’t have to worry about the building blocks being invalid
• You know you forgot to validate something when you see primitive types being passed around
One more thing...
Never let null carry information!
• Value might not exist => Optional<T>
• “This shouldn’t happen!” => Throw!
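    public abstract class Optional<T> {
        public abstract bool IsPresent(); // is there a value at all?
        public abstract T Get();          // the value, when present
    }

    int? foo = null; // C#'s built-in nullable value type (Nullable<int>)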
Trust
Domain-Driven Security
Trust
The Untrusted Pattern
Make trust a first-class concept at trust boundaries
    public void Foo(string bar) {
        if (!IsValid(bar)) {
            throw new ValidationException();
        }
        DoSomethingWith(bar);
    }
    public void Foo(string untrusted_bar) {
        if (!IsValid(untrusted_bar)) {
            throw new ValidationException();
        }
        var bar = untrusted_bar;
        DoSomethingWith(bar);
    }
    public void Foo2(string untrusted_bar, string untrusted_frob, byte[] data);
WTF ??
    public void Foo(string untrusted_bar) {
        var bar = Validate(untrusted_bar);
        DoSomethingWith(bar);
    }
    public void Foo(Untrusted<string> bar);
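    using System.Runtime.CompilerServices;

    // Lets the "Validation" assembly (and no other) read internal members.
    [assembly: InternalsVisibleTo("Validation")]

    public class Untrusted<T> {
        readonly T _value;

        public Untrusted(T value) {
            _value = value;
        }
        // internal rather than private: InternalsVisibleTo only exposes internal members.
        internal T Value {
            get { return _value; }
        }
    }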
    // In the "Validation" assembly
    public abstract class Validator<T> {
        public T Validate(Untrusted<T> untrusted) {
            if (!InnerValidate(untrusted.Value)) {
                throw new ValidationException();
            }
            return untrusted.Value;
        }

        protected abstract bool InnerValidate(T value);
    }
    public void HandleAcctNbr(Untrusted<string> accountNbr) {
        var trusted = new AccountNumberValidator().Validate(accountNbr);
        DoSomethingWith(trusted);
    }
    public void CreateAccount(string nbr) {
        var untrustedNbr = new Untrusted<string>(nbr);
        HandleAcctNbr(untrustedNbr);
        // ...
    }
Trust
Domain-Driven Security
The Untrusted Pattern
Immutability
Stuff passed over a trust boundary, regardless of direction, should not be able to change later.
Does your application handle concurrency?
• Hundreds of threads?
• How does that affect validation?
• The thing you just validated, is it still valid?
TOCTTOU
Time Of Check To Time Of Use
    public void tryTransfer(Amount amount) {
        if (!this.account.contains(amount)) {   // TOC
            throw new ValidationException();
        }
        // Thread 2: amount.setValue(1000000);
        transfer(amount);                       // TOU
    }
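    public class Amount {
        private final Integer value; // final: cannot change after validation

        public Amount(Integer value) {
            if (!isValid(value)) {
                throw new IllegalArgumentException();
            }
            this.value = value;
        }

        public Integer getValue() {
            return this.value;
        }

        // Not shown on the slide. Assumed rule for illustration: non-null and positive.
        private static boolean isValid(Integer value) {
            return value != null && value > 0;
        }
    }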
Immutability
• Immutability significantly reduces TOCTTOU-problems
• Plays very well with Domain Driven Security
• … and readability
• … and parallelization
• … and event sourcing
• ... etc
Race condition, web example
    public void Wizard_Step3(Guid key) {
        var data = wizardData[key];
        if (UserHasAccess(HttpContext.Current.User, data.ProductId)) // TOC
        {
            DoSomethingWith(data); // TOU
        }
    }

    // Racing call from another request: Wizard_Step2(key, secret_productId)

    public Guid Wizard_Step1() {
        var key = Guid.NewGuid();
        wizardData.Add(key, new Data());
        return key;
    }

    public void Wizard_Step2(Guid key, string productId) {
        wizardData[key].ProductId = productId;
    }

    static Dictionary<Guid, Data> wizardData = new Dictionary<Guid, Data>();
    public Guid Wizard_Step1() {
        var key = Guid.NewGuid();
        wizardData.Add(key, new ImmutableData());
        return key;
    }

    public void Wizard_Step2(Guid key, string productId) {
        var data = wizardData[key];
        var newData = data.CloneWithProductId(productId); // Copies data, new productId
        wizardData[key] = newData;
    }

    public void Wizard_Step3(Guid key) {
        var data = wizardData[key];
        if (UserHasAccess(HttpContext.Current.User, data.ProductId)) // TOC
        {
            DoSomethingWith(data); // TOU
        }
    }

    static Dictionary<Guid, ImmutableData> wizardData = new Dictionary<Guid, ImmutableData>();
Immutability
• Security spray
• Should be the norm!
Trust
Domain-Driven Security
The Untrusted Pattern
Immutability
The Inverse Life Coach Pattern
Be a pessimist!
boolean success = true;
return success;
boolean success = false;
return success;
Assume failure!
    public ResultData doStuff(Account account) throws Exception {
        if (!hasAccess(account)) {
            throw new Exception(); // fail fast
        }
        return new ResultData(stuffFromCode); // the only exit that yields a result
    }

Fail fast and force a narrow path of success
Fail fast (use Exceptions)!
Enforce “path of success” – no way of exiting without a valid object
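
An added example (not from the talk) of why the pessimistic default matters, in Java 9+: when an error is swallowed, the optimistic variant grants access and the pessimistic one denies it. The access table, the user and account values and every method name other than doStuff are assumptions constructed for the illustration.

```java
import java.util.Map;
import java.util.Set;

public class InverseLifeCoach {
    // Constructed access table: user -> accounts that user may read.
    static final Map<String, Set<String>> ACL = Map.of("bob", Set.of("1234567890"));

    // Hypothetical lookup that can fail, here for a user without an entry.
    static boolean lookup(String user, String account) {
        Set<String> accounts = ACL.get(user);
        if (accounts == null) {
            throw new IllegalStateException("no ACL entry for " + user);
        }
        return accounts.contains(account);
    }

    // Optimistic: starts at "success" and flips only on an explicit denial.
    static boolean hasAccessOptimistic(String user, String account) {
        boolean success = true;
        try {
            if (!lookup(user, account)) {
                success = false;
            }
        } catch (RuntimeException e) {
            // Error swallowed: success is still true, so the check fails open.
        }
        return success;
    }

    // Pessimistic: starts at "failure"; exactly one line can grant access.
    static boolean hasAccessPessimistic(String user, String account) {
        boolean success = false;
        try {
            if (lookup(user, account)) {
                success = true;
            }
        } catch (RuntimeException e) {
            // Error swallowed: success is still false, so the check fails closed.
        }
        return success;
    }

    static final class ResultData {
        final String value;
        ResultData(String value) { this.value = value; }
    }

    // Narrow path of success: the caller gets a valid ResultData or an exception,
    // never null and never a half-built object.
    static ResultData doStuff(String user, String account) {
        if (!hasAccessPessimistic(user, account)) {
            throw new SecurityException("access denied");
        }
        return new ResultData("data for account " + account);
    }

    public static void main(String[] args) {
        String[][] requests = {
            {"bob", "1234567890"},     // owner of the account
            {"bob", "0000000000"},     // known user, someone else's account
            {"mallory", "1234567890"}  // unknown user: lookup throws
        };
        for (String[] r : requests) {
            System.out.println(r[0] + " -> " + r[1]
                    + "  optimistic=" + hasAccessOptimistic(r[0], r[1])
                    + "  pessimistic=" + hasAccessPessimistic(r[0], r[1]));
        }
        try {
            doStuff("mallory", "1234567890");
        } catch (SecurityException e) {
            System.out.println("doStuff: " + e.getMessage());
        }
    }
}
```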
Consider your Trust Boundaries
Enjoy Domain-Driven Security
Immutability should be the norm
Null is a burning bag of dog poop
Fire your Life Coach
• Hacking Modern Cars - How to do it and How to Stop it
• The Jurassic Web Attack
• Hackers toolkit
• Security threats and mitigations for iOS developers
• HTTP/2 is a faster and safer HTTP
• What's up with XXE?
• A Live hacking experience!
http://oredev.org/2015/security-day