Explore a comprehensive examination of microservice security challenges and solutions in this conference talk. Delve into the technical aspects of securing microservice architectures, including protecting information flow across networks and maintaining security levels comparable to monolithic systems. Learn about key security challenges specific to microservices and discover approaches to address these issues. Gain insights into advanced security concepts such as secret stores, time-limited credentials, improved backup strategies, confused deputy problems, JWT tokens, and service meshes. Understand the state-of-the-art techniques for building secure microservice architectures, covering topics like transport security, certificate management, service mesh implementation, and version drift management. Examine real-world security breaches, password best practices, and the importance of patch hygiene in microservice environments. Acquire valuable knowledge on assessing security risks, implementing defense-in-depth strategies, and addressing the unique security concerns that arise in distributed systems.
Overview
Syllabus
Welcome
Book
Breaches
Meltdown and Spectre
GDPR
Application delivery
A deal fries
Experts
Hexagons
Microservice Architecture
Single Egg Problem
Defense indepth
The problem
A crash
Assessing security risks
Verizon Data Breach Report
Bad Passwords
NIST
Long passwords
Complex password schemes
Password entropy
Password managers
The Three Hour
Advanced Persistent Threat
Target Data Breach
DNC Hack
Rotation
Repair
Shortlived credentials
Tools
Vault
James Sharding
Console Template
Security Breaches
Equifax
Patch hygiene
Microservice architectures
Stack diagrams
Docker vulnerability scanning
Unpatched operating systems
Thirdparty dependencies
The key thing
The first step
Transport security
HTTP TLS
Certificate Management
HTTPS
Core Concerns
Observation of Data
Protocols
Transport Authentication
Jot Tokens
Service Mesh
Services Communication
Version Drift
Sidecar
Taught by
NDC Conferences
