Secure by Design: Insights and Pitfalls

Explore the fundamentals and latest insights of Secure by Design principles in this one-hour conference talk. Delve into design strategies that yield implicit security benefits, appealing to developers' instincts for crafting quality software. Discover fruitful design patterns and learn from real-world pitfalls where implementations subtly missed original intentions. Gain valuable knowledge on topics such as domain printers, type systems, domain primitives, encapsulation, validation techniques, and handling secrets. Understand common misconceptions, examine typical code examples, and analyze security problems through practical demonstrations. Enhance your ability to create more secure software by leveraging good design principles and avoiding potential pitfalls in implementation.

Introduction
Who are you
Agenda
Summary
Software bugs
Design patterns
Security for free
Secure by design
Overview
Domain Printers
Swedish Text ID
Typical Code
Security Problem
Type System
List Seed
Domain Primitives
Encapsulation
Cheating
Unit Tests
Misconceptions
Validation
Order of Validation
Misconception of Validation
Example of Validation
Why did we end up here
Recap
Secrets
Misconception
What we intended
Why we ended up in a dead end
The summary
Questions