Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing Microservice Architectures

Laura Bell
September 03, 2015
Technology
2
340

Securing Microservice Architectures

Presented at Microsoft Ignite NZ 2015 by Laura Bell

Laura Bell

September 03, 2015
Tweet

More Decks by Laura Bell

See All by Laura Bell
DIY security for the amateur superhero
ladynerd
0
240
Hackcon 11 - Protecting our people
ladynerd
0
220
Security in a container based world
ladynerd
0
140
Better Connected
ladynerd
0
58
Continuous Security
ladynerd
3
1.1k
Automated Human Vulnerability Scanning with AVA
ladynerd
3
2.7k
Blindsided by security
ladynerd
0
82
Practical tools for privacy audit
ladynerd
0
180
For the greater good? Open sourcing weaponisable code
ladynerd
1
310

Other Decks in Technology

See All in Technology
Asset Centric な データ変換パイプラインの攻略法
recruitengineers
PRO
1
110
アクセシブルなマークアップの上に成り立つユーザーファーストなドロップダウンメニューの実装 / 20250127_cloudsign_User1st_FE
bengo4com
1
1.1k
Platform EngineeringがあればSREはいらない!? 新時代のSREに求められる役割とは
mshibuya
2
3.4k
Re:Define 可用性を支える モニタリング、パフォーマンス最適化、そしてセキュリティ
pyama86
9
4.9k
Windows Server 2025 へのアップグレードではまった話
tamaiyutaro
2
240
クロスアカウントな RDS Snapshot Export による カジュアルなデータ集約の仕組み / 202501-finatext-technight-lt
wa6sn
1
120
オーティファイ会社紹介資料 / Autify Company Deck
autifyhq
10
120k
20250122_個人向けCopilotどうなん
ponponmikankan
0
190
消し忘れリソースゼロへ!私のResource Explorer活用法
cuorain
0
120
HCP Terraformで実現するPlatform Engineering/nikkei-tech-talk-29
nikkei_engineer_recruiting
0
210
横断SREの立ち上げと、AWSセキュリティへの取り組みの軌跡
rvirus0817
3
3.8k
レイクハウスとはなんだったのか?
akuwano
14
1.7k

Featured

See All Featured
Six Lessons from altMBA
skipperchong
27
3.6k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Music & Morning Musume
bryan
46
6.3k
Thoughts on Productivity
jonyablonski
68
4.4k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
44
9.4k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.2k
Building Your Own Lightsaber
phodgson
104
6.2k
Site-Speed That Sticks
csswizardry
3
300
The Language of Interfaces
destraynor
156
24k
Speed Design
sergeychernyshev
25
750
Large-scale JavaScript Application Architecture
addyosmani
510
110k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k

Transcript

  1. None

  2. Securing Microservice Architectures Laura Bell (@lady_nerd) M239

  3. None

  4. Modern

  5. caution: fast paced field ahead watch for out of date

    content

  6. In this talk Microservice Fundamentals Some important points that are

    worth refreshing Prevention Avoid common vulnerabilities and avoid mistakes Detection Prepare for survival and response
  7. None
  8. None
  9. None

  10. apps that automatically scale up to handle millions of users

    and scale down again to have this be done by smaller teams

  11. many are 100 or so lines some are around 1,000

    lines

  12. Integrity   Availability   Confiden3ality  

  13. Spoofing Tampering Repudia1on Informa1on  Disclosure Denial  of  Service Escala1on  of

     Privilege
  14. None

  15. Service decomposition

  16. shouldn’t

  17. None

  18. exhaustion

  19. Orchestration layer attacks

  20. simple

  21. rule them all?

  22. Choose Restrict Monitor Configure Challenge Test

  23. Identity and access management

  24. the lowest set of permissions and accesses required to do

    your job

  25. require well defined roles

  26. Automate and alert

  27. mature groups and role assistance

  28. Immutable architectures matter in microservice security

  29. (but you might not be the right person to audit

    them)

  30. (including those changes made by an attacker)

  31. become hard to persist

  32. Heterogeneous language and technology spaces

  33. None

  34. you

  35. technologies

  36. vulnerability management can be challenging in microservice architectures

  37. None

  38. Testing

  39. (doesn’t require a specialist third party)

  40. OWASP Zap Proxy https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project Gauntlt http://gauntlt.org/ BDD Security http://www.continuumsecurity.net/bdd-intro.html

  41. software testing technique discover coding errors security loopholes massive amounts

    of random data attempt to make it crash
  42. None

  43. Logging and monitoring

  44. All

  45. secure location immutable format away from production

  46. denial of service attacks

  47. like actually, for real, not just when you’re debugging

  48. None

  49. TL;DR Microservice Fundamentals Some important points that are worth refreshing

    Prevention Avoid common vulnerabilities and avoid mistakes Detection Prepare for survival and response

  50. Security in a Container-based World Friday 11:55am Find me later

    at… §  Hub Happy Hour Wed 5:30-6:30pm §  Hub Happy Hour Thu 5:30-6:30pm §  Closing drinks Fri 3:00-4:30pm 1 2 3 4 5 6

  51. Subscribe to our fortnightly newsletter http://aka.ms/technetnz http://aka.ms/msdnnz http://aka.ms/ch9nz Free Online

    Learning http://aka.ms/mva Sessions on Demand
  52. None

  53. © 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows and

    other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.