Unlike traditional enterprise applications, microservices applications are collections of independent components that function as a system. Securing the messages, queues, and API endpoints requires new approaches to security both in the infrastructure and the code. Microservices Security in Action teaches you how to address microservices-specific security challenges throughout the system. This practical guide includes plentiful hands-on exercises using industry-leading open-source tools and examples using Java and Spring Boot.
In 2018, security breaches at Facebook, Saks Fifth Avenue, Panera, Orbitz, and numerous other organizations affected millions of customer records, surpassing the already staggering number of commercial security breaches in 2017. For the companies involved, these security failures stained their reputations, costing both money and priceless customer confidence.
As microservices continue to change enterprise application systems, developers and architects must learn to integrate security into their design and implementation. Because microservices are created as a system of independent components, each a possible point of failure, they can multiply the security risk. With proper planning, design, and implementation, you can reap the benefits of microservices while keeping your application data – and your company’s reputation – safe!
Microservices Security in Action teaches you how to secure your microservices applications' code and infrastructure. After a straightforward introduction to the challenges of microservices security, you’ll learn fundamentals to secure both the application perimeter and service-to-service communication. Following a hands-on example, you’ll explore how to deploy and secure microservices behind an API gateway as well as how to access microservices from a single-page application (SPA).
- Key microservices security fundamentals
- Securing service-to-service communication with mTLS and JWT
- Deploying and securing microservices with Docker
- Using Kubernetes security
- Securing event-driven microservices
- Using the Istio Service Mesh
- Applying access control policies with OPA
- Microservices security best practices
- Building a single-page application to talk to microservices
- Static code analysis, dynamic testing, and automatic security testing
Along the way, authors and software security experts Prabath Siriwardena and Nuwan Dias shine a light on important concepts like throttling, analytics gathering, access control at the API gateway, and microservice-to-microservice communication. You’ll also discover how to securely deploy microservices using state-of-the-art technologies including Kubernetes, Docker, and the Istio service mesh. Lots of hands-on exercises secure your learning as you go, and this straightforward guide wraps up with a security process review and best practices. When you’re finished reading, you’ll be planning, designing, and implementing microservices applications with the priceless confidence that comes with knowing they’re secure!