BOOK:SECURE_BY_DESIGN — Extraction Index¶
TITLE: Secure by Design
AUTHORS: Dan Bergh Johnsson, Daniel Deogun, Daniel Sawano
PUBLISHER: Manning (2019)
ISBN: 978-1-61729-435-8
PAGES: 400
EXTRACTED: 2026-03-19
EXTRACTED_BY: claude (book processing pipeline test)
PURPOSE¶
Traceability index — maps book chapters to wiki domain pages.
Agents do NOT read this page directly. This exists for:
- auditing which book content was extracted
- finding source material for deeper research
- tracking coverage gaps
CHAPTER → WIKI_PAGE MAPPING¶
| chapter | title | extracted to | coverage |
|---|---|---|---|
| 1 | Why design matters for security | secure-design-patterns.md (CORE_PRINCIPLE, CIA_T) | full |
| 2 | Intermission: The anti-Hamlet | secure-design-patterns.md (DOMAIN_PRIMITIVES examples) | concepts only |
| 3 | Core concepts of DDD | secure-design-patterns.md (AGGREGATES_AND_BOUNDARIES) | security-relevant parts |
| 4 | Code constructs promoting security | secure-design-patterns.md (IMMUTABILITY, VALIDATION_ORDER) | full |
| 5 | Domain primitives | secure-design-patterns.md (DOMAIN_PRIMITIVES, TAINT_ANALYSIS) | full |
| 6 | Ensuring integrity of state | secure-design-patterns.md (ENTITY_INTEGRITY) | full |
| 7 | Reducing complexity of state | secure-design-patterns.md (ENTITY_COMPLEXITY_PATTERNS) | full |
| 8 | Leveraging delivery pipeline | secure-pipeline-practices.md | full |
| 9 | Handling failures securely | secure-failure-handling.md (EXCEPTION_HANDLING, BAD_DATA) | full |
| 10 | Benefits of cloud thinking | secure-failure-handling.md (CLOUD_DESIGN) | full |
| 11 | Intermission: Insurance policy | secure-failure-handling.md (concepts folded in) | concepts only |
| 12 | Guidance in legacy code | legacy-and-microservices-security.md (LEGACY_CODE) | full |
| 13 | Guidance on microservices | legacy-and-microservices-security.md (MICROSERVICES) | full |
| 14 | Don't forget about security! | legacy-and-microservices-security.md (CODE_REVIEW, INCIDENT) + secure-pipeline-practices.md (PEN_TEST_RESPONSE) | full |
KEY CONCEPTS EXTRACTED¶
| concept | wiki location | section |
|---|---|---|
| domain primitives | secure-design-patterns.md | DOMAIN_PRIMITIVES |
| validation order (size→lexical→syntax→semantics) | secure-design-patterns.md | VALIDATION_ORDER |
| immutability for security | secure-design-patterns.md | IMMUTABILITY |
| entity integrity (creation, protection, patterns) | secure-design-patterns.md | ENTITY_INTEGRITY |
| entity snapshot/relay/state object | secure-design-patterns.md | ENTITY_COMPLEXITY_PATTERNS |
| read-once objects (sensitive data) | secure-design-patterns.md | READ_ONCE_OBJECTS |
| taint analysis | secure-design-patterns.md | TAINT_ANALYSIS |
| aggregates and bounded contexts | secure-design-patterns.md | AGGREGATES_AND_BOUNDARIES |
| CIA-T concern profiling | secure-design-patterns.md | CIA_T |
| business vs technical exceptions | secure-failure-handling.md | EXCEPTION_HANDLING |
| never repair bad data | secure-failure-handling.md | BAD_DATA |
| circuit breakers | secure-failure-handling.md | AVAILABILITY_DESIGN |
| bulkheads | secure-failure-handling.md | AVAILABILITY_DESIGN |
| twelve-factor security benefits | secure-failure-handling.md | TWELVE_FACTOR_SECURITY_BENEFITS |
| three R's (rotate/repave/repair) | secure-failure-handling.md | THREE_RS |
| logging as event stream | secure-failure-handling.md | LOGGING_SECURITY |
| four layers of security testing | secure-pipeline-practices.md | TESTING_CATEGORIES |
| feature toggle security | secure-pipeline-practices.md | FEATURE_TOGGLES |
| configuration validation | secure-pipeline-practices.md | CONFIGURATION_VALIDATION |
| pen test response levels | secure-pipeline-practices.md | PENETRATION_TEST_RESPONSE |
| ambiguous parameter lists | legacy-and-microservices-security.md | AMBIGUOUS_PARAMETER_LISTS |
| log injection / unchecked strings | legacy-and-microservices-security.md | UNCHECKED_STRINGS_IN_LOGGING |
| DRY is about ideas not text | legacy-and-microservices-security.md | DRY_MISAPPLICATION |
| domain-oriented logger API | legacy-and-microservices-security.md | DOMAIN_ORIENTED_LOGGER_API |
| microservice API as security boundary | legacy-and-microservices-security.md | API_DESIGN_SECURITY |
NOT EXTRACTED (low agent relevance)¶
- Historical anecdotes (bank robbery narrative, insurance case study) — used as analogies only
- Java/ORM-specific implementation details (JPA no-arg constructor workarounds)
- Generic DDD tutorial content (already covered by backend domain knowledge)
- Book foreword, preface, about sections