Explore the security challenges and solutions for microservices architecture in this 24-minute conference talk from AppSec EU 2017. Dive into the unique security considerations that arise when deploying large-scale applications using microservices. Learn about the benefits and complexities of decoupled services, including supporting various user types from web and mobile to IoT devices. Discover real-world examples of successes and failures in microservices implementation, and understand which security practices translate well from monolithic design. Examine open-source and AWS-related tools for securely sharing secrets between services. Gain insights on implementing authentication in microservice architecture using the API Gateway Pattern. By the end of this presentation, acquire the knowledge to effectively navigate the security landscape of microservices and minimize potential vulnerabilities in your architecture.
Security in the Land of Microservices - Challenges and Solutions
Overview
Syllabus
Intro
What Are Microservices?
Properties of Microservices
SOA/ESB For Hipsters
A Simple Architecture
When Life Was Easy
Infrastructure-As-Code
Containers and Orchestration
Serverless Functions
Where's My Data? Clean Up Your Toys
API Gateway Pattern
Once You Get Past The Gateway
Decentralized Sanity
JSON Web Tokens (IWT)
What About Between Services?
Keeping Secrets
Bad Ideas
Hardcoded Secrets
Secrets Via Environment Variables
A Perfect Solution?
Passing Secrets To A Kubernetes Pod
Summary
Taught by
OWASP Foundation
