Securing Microservice Architectures
Laura Bell
September 03, 2015
Presented at Microsoft Ignite NZ 2015 by Laura Bell
Transcript
Securing Microservice Architectures Laura Bell (@lady_nerd) M239
Modern
caution: fast paced field ahead, watch for out of date content
In this talk
Microservice Fundamentals: Some important points that are worth refreshing
Prevention: Avoid common vulnerabilities and avoid mistakes
Detection: Prepare for survival and response
apps that automatically scale up to handle millions of users and scale down again to have this be done by smaller teams
many are 100 or so lines, some are around 1,000 lines
Integrity, Availability, Confidentiality
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Escalation of Privilege
Service decomposition
shouldn’t
exhaustion
Orchestration layer attacks
simple
rule them all?
Choose Restrict Monitor Configure Challenge Test
Identity and access management
the lowest set of permissions and accesses required to do your job
require well defined roles
Automate and alert
mature groups and role assistance
Immutable architectures matter in microservice security
(but you might not be the right person to audit them)
(including those changes made by an attacker)
become hard to persist
Heterogeneous language and technology spaces
you
technologies
vulnerability management can be challenging in microservice architectures
Testing
(doesn’t require a specialist third party)
OWASP Zap Proxy https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Gauntlt http://gauntlt.org/
BDD Security http://www.continuumsecurity.net/bdd-intro.html
software testing technique discover coding errors security loopholes massive amounts of random data attempt to make it crash
Logging and monitoring
All
secure location immutable format away from production
denial of service attacks
like actually, for real, not just when you’re debugging
TL;DR
Microservice Fundamentals: Some important points that are worth refreshing
Prevention: Avoid common vulnerabilities and avoid mistakes
Detection: Prepare for survival and response
Security in a Container-based World, Friday 11:55am
Find me later at…
Hub Happy Hour Wed 5:30-6:30pm
Hub Happy Hour Thu 5:30-6:30pm
Closing drinks Fri 3:00-4:30pm