Explore a comprehensive conference talk on microservice security, delving into technical challenges and solutions for securing distributed architectures. Learn about protecting systems in depth, addressing network information flow concerns, and implementing advanced security measures. Discover key concepts such as secret stores, time-limited credentials, backups, confused deputy problems, JWT tokens, and service meshes. Gain insights into assessing risks, managing passwords, handling vulnerabilities, and implementing HTTPS and certificate management. Understand modern deployment stacks, threat modeling, and common security concerns in microservice environments. Master techniques for building secure microservice architectures that surpass traditional monolithic systems in terms of protection and scalability.
Overview
Syllabus
Introduction
Welcome
Sam Newman
Assessing risk
Verizon Data Breach Report
NIST
Longer passwords
Short passwords
Password managers
Code Spaces
API Keys
Credentials
Passwords
Secret Stores
Vault
Console Template
Known vulnerabilities
Equifax
Russian Doll
Modern Deployment Stack
Snick
Threat Modeling
HTTPS Everywhere
Server guarantees
Client guarantees
Serverside certificate management
Clientside certificate management
Certificate management
Mutual TLS
Neutral TLS
The Problem
Demo
Confusing Deputy Problem
JWT Tokens
Service Mesh
Netflix
Sidecar
Service meshes
Common concerns
MutualTLS
Summary
Taught by
NDC Conferences
