Practical Microservice Security

NDC Conferences via YouTube

Overview

Explore microservice security in this comprehensive conference talk that delves into securing modern architectures. Learn about tools, techniques, and considerations for protecting applications and organizations. Examine real-world examples of attacks and defense strategies, gaining insights into how to test systems for vulnerabilities. Cover essential topics such as security fundamentals, OWASP guidelines, authentication best practices, service decomposition, orchestration layer attacks, and identity management. Discover the importance of immutable architectures, auditable host configurations, and proper tool selection. Gain valuable knowledge on detection methods and log management to prevent denial of service attacks. Apply the principle of least privilege and understand the differences between roles and fine-grained permissions in microservice environments.

Syllabus

Intro
Security fundamentals
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Escalation of Privilege
OWASP (Open Web Application Security Project): find good, trusted, peer-reviewed sources
Consistent Planned Authentication
Storage, Quality, Length, Lifecycle: the keys to token success
validation required: every header, every field, every format, every method
Service decomposition
scaling and resource exhaustion
Orchestration layer attacks
features that scare me: 1. impersonation, 2. investigation mode, 3. demo accounts on production, 4. SSL interception and analysis, 5. many password sins
the golden rule: never assume a security vendor is better at secure development than you are
Identity and access
principle of least privilege: the lowest set of permissions and accesses required to do your job
Roles vs. Fine-Grained Permissions
Immutable architectures matter in microservice security
Auditable host configurations are a good thing, but you might not be the right person to audit them
Avoids configuration creep, including those changes made by an attacker
Choose the right tools for the job you are doing
not all technologies have mature libraries, frameworks and documentation
Detection
Poorly managed logs are a simple way to create denial of service attacks

Taught by

NDC Conferences
