Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Securing Microservice Architectures
Search
Laura Bell
September 03, 2015
Technology
2
340
Securing Microservice Architectures
Presented at Microsoft Ignite NZ 2015 by Laura Bell
Laura Bell
September 03, 2015
Tweet
Share
More Decks by Laura Bell
See All by Laura Bell
DIY security for the amateur superhero
ladynerd
0
220
Hackcon 11 - Protecting our people
ladynerd
0
220
Security in a container based world
ladynerd
0
130
Better Connected
ladynerd
0
53
Continuous Security
ladynerd
3
1.1k
Automated Human Vulnerability Scanning with AVA
ladynerd
3
2.6k
Blindsided by security
ladynerd
0
79
Practical tools for privacy audit
ladynerd
0
170
For the greater good? Open sourcing weaponisable code
ladynerd
1
300
Other Decks in Technology
See All in Technology
신뢰할 수 있는 AI 검색 엔진을 만들기 위한 Liner의 여정
huffon
0
450
カメラを用いた店内計測におけるオプトインの仕組みの実現 / ai-optin-camera
cyberagentdevelopers
PRO
1
130
AWS re:Invent 2024 Kansai Standby
hiroramos4
PRO
0
120
いまならこう作りたい AWSコンテナ[本格]入門ハンズオン 〜2024年版 ハンズオンの構想〜
horsewin
10
2.2k
Gradle: The Build System That Loves To Hate You
aurimas
2
170
Spring Frameworkの新標準!? ~ RestClientとHTTPインターフェース入門 ~
ogiwarat
1
200
株式会社ログラス − エンジニア向け会社説明資料 / Loglass Comapany Deck for Engineer
loglass2019
3
28k
初心者に Vue.js を 教えるには
tsukuha
5
400
スプリントゴールにチームの状態も設定する背景とその効果 / Team state in sprint goals why and impact
kakehashi
2
120
国土交通省 データコンペ参加者向け勉強会
takehikohashimoto
0
260
Datachain会社紹介資料(2024年11月) / Company Deck
datachain
4
17k
運用イベント対応への生成AIの活用 with Failure Analysis Assistant
suzukyz
0
170
Featured
See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
StorybookのUI Testing Handbookを読んだ
zakiyama
26
5.2k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.8k
Side Projects
sachag
452
42k
Agile that works and the tools we love
rasmusluckow
327
21k
Designing for humans not robots
tammielis
249
25k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
How to train your dragon (web standard)
notwaldorf
88
5.7k
Making the Leap to Tech Lead
cromwellryan
133
8.9k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
Designing on Purpose - Digital PM Summit 2013
jponch
115
6.9k
Practical Orchestrator
shlominoach
186
10k
Transcript
None
Securing Microservice Architectures Laura Bell (@lady_nerd) M239
None
Modern
caution: fast paced field ahead watch for out of date
content
In this talk Microservice Fundamentals Some important points that are
worth refreshing Prevention Avoid common vulnerabilities and avoid mistakes Detection Prepare for survival and response
None
None
None
apps that automatically scale up to handle millions of users
and scale down again to have this be done by smaller teams
many are 100 or so lines some are around 1,000
lines
Integrity Availability Confiden3ality
Spoofing Tampering Repudia1on Informa1on Disclosure Denial of Service Escala1on of
Privilege
None
Service decomposition
shouldn’t
None
exhaustion
Orchestration layer attacks
simple
rule them all?
Choose Restrict Monitor Configure Challenge Test
Identity and access management
the lowest set of permissions and accesses required to do
your job
require well defined roles
Automate and alert
mature groups and role assistance
Immutable architectures matter in microservice security
(but you might not be the right person to audit
them)
(including those changes made by an attacker)
become hard to persist
Heterogeneous language and technology spaces
None
you
technologies
vulnerability management can be challenging in microservice architectures
None
Testing
(doesn’t require a specialist third party)
OWASP Zap Proxy https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project Gauntlt http://gauntlt.org/ BDD Security http://www.continuumsecurity.net/bdd-intro.html
software testing technique discover coding errors security loopholes massive amounts
of random data attempt to make it crash
None
Logging and monitoring
All
secure location immutable format away from production
denial of service attacks
like actually, for real, not just when you’re debugging
None
TL;DR Microservice Fundamentals Some important points that are worth refreshing
Prevention Avoid common vulnerabilities and avoid mistakes Detection Prepare for survival and response
Security in a Container-based World Friday 11:55am Find me later
at… § Hub Happy Hour Wed 5:30-6:30pm § Hub Happy Hour Thu 5:30-6:30pm § Closing drinks Fri 3:00-4:30pm 1 2 3 4 5 6
Subscribe to our fortnightly newsletter http://aka.ms/technetnz http://aka.ms/msdnnz http://aka.ms/ch9nz Free Online
Learning http://aka.ms/mva Sessions on Demand
None
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows and
other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.