Explore a comprehensive overview of securing modern API and microservice-based applications in this 45-minute conference talk from LASCON 2019. Gain a high-level understanding of contemporary API and microservices architectures, learn about key security concerns, and discover best practices for securing microservices and their APIs. Benefit from the speaker's extensive experience in building security architecture patterns and solutions for a major global financial institution, and acquire actionable architectural insights. Delve into topics such as monolithic vs. microservice applications, service-oriented architecture, API gateways, security benefits, user-level security context, end-to-end trust, service-level mutual authentication, token exchange, authorization, rate limiting, and group policy.
Securing Modern API and Microservice Based Applications by Design
Overview
Syllabus
Introduction
Presentation Overview
Agenda
What are Microservices
Monolithic Applications
Microservice Applications
ServiceOriented Architecture
Microservices
API
Web API
API Gateway
Security Benefits
NonSecurity Benefits
User Level Security Context
EndtoEnd Trust
Service Level Mutual Authentication
Token Exchange Endpoint
Token Exchange Architecture
User Level Internet Trust
Authorization
Authentication and Authorization
Invocation
Rate Limiting
Group Policy
Takeaway
Taught by
LASCON
Related Courses
-
API Security in the Age of Microservices
5.0 -
Microservices Architecture and Moleculer JS Introduction - Crash Course
-
Practical Microservice Security
-
Insecure Transit - Microservice Security Challenges and Solutions
-
Securing Web Applications and APIs with ASP.NET Core 2.2 and 3.0
-
Running at Light Speed - Cloud Native Security Patterns
