Explore practical approaches to securing microservices in this insightful conference talk from GOTO Chicago 2016. Delve into the fundamental differences between monolithic and microservice architectures from a security perspective. Learn about various threat types, authentication, and authorization challenges specific to microservices. Discover strategies for planning secure microservices, including tokenization, input validation, and the principle of least privilege. Examine the security implications of coupling, third-party code, and orchestration layers in microservice environments. Gain valuable insights on implementing fine-grained permissions, logging, monitoring, and maintaining compliance in mutable architectures. Understand the security benefits and potential risks associated with different programming languages and tools in microservice development. Conclude with essential takeaways on interdependency, logging practices, and defending against denial of service attacks in microservice ecosystems.
Overview
Syllabus
Intro
Who am I
Fundamentals
The monolith
The basics
Types of threats
Stack Overflow
WASP
Authentication Authorization
Microservices
Planning
Authorization
Publicfacing API
Tokenization
Input Validation
First Time Round
Application Security
Monster Microservice
Coupling
Its not your code
Orchestration layer
Tiny components
Is this worrying
We are incredibly lazy
Features that scare me
How do we do this
Challenge us
Principle of Least Privilege
Define Your Roles
Finegrained Permissions
Logging and Monitoring
Mutable Architecture
Compliance
Perspective
Security benefit
Languages
Tools
Interdependency
Puppy analogy
Logging
Denial of Service
Hacking Team
Logs
Wrap up
Taught by
GOTO Conferences
