Slide 1

Slide 1 text

Efficient Ways of Implementing Secure HTTP in Microservices

Slide 2

Slide 2 text

SELÇUK USTA Software Development Manager @ /in/selcukusta selcukusta.com selcukusta ustasoglu selcukusta (at)gmail.com

Slide 3

Slide 3 text

I’M A DEVELOPER AND … NOT MY JOB! I’M A SYSADMIN AND … NOT MY JOB!

Slide 4

Slide 4 text

I’M WITH YOU ’TIL THE END OF THE DEPLOYMENT!

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

WE’RE THE TEAM AND SOFTWARE DELIVERY IS OUR JOB!

Slide 7

Slide 7 text

..but…

Slide 8

Slide 8 text

As a developer, I have to learn: OS-level dependencies; computer networking; application topologies; new development trends; monitoring and tracing; network & application security.

Slide 10

Slide 10 text

SSL TLS

Slide 11

Slide 11 text

SSL 1.0 (1994)

Slide 12

Slide 12 text

SSL 1.0 (1994) SSL 2.0 (1995)

Slide 13

Slide 13 text

SSL 1.0 (1994) SSL 2.0 (1995) SSL 3.0 (1996)

Slide 14

Slide 14 text

SSL 1.0 (1994) SSL 2.0 (1995) SSL 3.0 (1996) TLS 1.0 (1999)

Slide 15

Slide 15 text

SSL 1.0 (1994) SSL 2.0 (1995) SSL 3.0 (1996) TLS 1.0 (1999) TLS 1.1 (2006)

Slide 16

Slide 16 text

SSL 1.0 (1994) SSL 2.0 (1995) SSL 3.0 (1996) TLS 1.0 (1999) TLS 1.1 (2006) TLS 1.2 (2008)

Slide 17

Slide 17 text

SSL 1.0 (1994) SSL 2.0 (1995) SSL 3.0 (1996) TLS 1.0 (1999) TLS 1.1 (2006) TLS 1.2 (2008) TLS 1.3 (2018). SSL deprecated (2015). Browsers support TLS 1.2 (2013).

Slide 18

Slide 18 text

..so…

Slide 19

Slide 19 text

SSL is the predecessor of TLS, and it is now deprecated

Slide 20

Slide 20 text

..and…

Slide 21

Slide 21 text

SSL and TLS use the same standard digital certificates

Slide 22

Slide 22 text

SSL Offloading / SSL Passthrough

Slide 23

Slide 23 text

-> create certificate request on web server
-> get certificate from provider
-> complete certificate request on web server
-> set bindings

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

No content

Slide 26

Slide 26 text

When an incoming secure HTTP request is not decrypted at the load balancer, the data is passed along to the backend server for decryption.

Slide 27

Slide 27 text

When an incoming secure HTTP request is not decrypted at the load balancer, the data is passed along to the backend server for decryption. Web application security is a top concern (banking, payment systems, data protection regulations, etc.).

Slide 28

Slide 28 text

When an incoming secure HTTP request is not decrypted at the load balancer, the data is passed along to the backend server for decryption. Web application security is a top concern (banking, payment systems, data protection regulations, etc.). You are not sure about the department or provider that manages the network devices.

Slide 29

Slide 29 text

When an incoming secure HTTP request is not decrypted at the load balancer, the data is passed along to the backend server for decryption. Web application security is a top concern (banking, payment systems, data protection regulations, etc.). You are not sure about the department or provider that manages the network devices. The security of data transfers within the LAN is so important.

Slide 30

Slide 30 text

When an incoming secure HTTP request is not decrypted at the load balancer, the data is passed along to the backend server for decryption. Web application security is a top concern (banking, payment systems, data protection regulations, etc.). You are not sure about the department or provider that manages the network devices. The security of data transfers within the LAN is so important. You have more, much more, unlimited CPU. :)

Slide 31

Slide 31 text

When an incoming secure HTTP request is decrypted at the load balancer, the data is passed along to the backend server as plain HTTP.

Slide 32

Slide 32 text

When an incoming secure HTTP request is decrypted at the load balancer, the data is passed along to the backend server as plain HTTP. OS-agnostic certificate management. (Web applications can be executed behind a variety of web servers, running on different operating systems)

Slide 33

Slide 33 text

When an incoming secure HTTP request is decrypted at the load balancer, the data is passed along to the backend server as plain HTTP. OS-agnostic certificate management. (Web applications can be executed behind a variety of web servers, running on different operating systems) Use load-balancing and proxy features without limits. (Inspect, manipulate and log the request objects before passing them on)

Slide 34

Slide 34 text

When an incoming secure HTTP request is decrypted at the load balancer, the data is passed along to the backend server as plain HTTP. OS-agnostic certificate management. (Web applications can be executed behind a variety of web servers, running on different operating systems) Use load-balancing and proxy features without limits. (Inspect, manipulate and log the request objects before passing them on) The "x-forwarded-proto" header is so important, and so is "x-forwarded-host"! (If the backend application needs to say: "I’m coming from this hostname and with this protocol!")
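
One way a backend behind a TLS-offloading load balancer can consume "x-forwarded-proto" and "x-forwarded-host" without trusting them from arbitrary clients, as an added example that is not part of the original slides. The proxy subnet, hostnames and function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: the TLS-terminating load balancers live in this subnet (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
# Assumption: public hostnames this service is published under (constructed).
ALLOWED_HOSTS = {"shop.example.com", "api.example.com"}


def resolve_origin(peer_ip, headers, conn_scheme="http"):
    """Return the (scheme, host) the client used towards the load balancer.
    X-Forwarded-* values are honoured only when the direct TCP peer is a
    trusted proxy; from any other peer they are client-controlled input.
    """
    h = {k.lower(): v for k, v in headers.items()}
    scheme, host = conn_scheme, h.get("host", "")
    peer = ipaddress.ip_address(peer_ip)
    if any(peer in net for net in TRUSTED_PROXIES):
        # Proxies may append to a comma-separated list; with one trusted hop
        # only the last entry was written by the proxy we trust.
        proto = h.get("x-forwarded-proto", "").split(",")[-1].strip().lower()
        if proto in ("http", "https"):
            scheme = proto
        fwd_host = h.get("x-forwarded-host", "").split(",")[-1].strip()
        if fwd_host:
            host = fwd_host
    host = host.lower()
    # Never build links or redirects from a hostname we do not serve.
    if host.split(":")[0] not in ALLOWED_HOSTS:
        raise ValueError(f"unexpected host: {host!r}")
    return scheme, host


def https_redirect(peer_ip, headers, path):
    """Return the https:// URL to redirect to, or None if already secure."""
    scheme, host = resolve_origin(peer_ip, headers)
    return None if scheme == "https" else f"https://{host}{path}"


# Constructed sample requests, as the backend sees them over plain HTTP.
VIA_LB = ("10.0.0.7", {"Host": "backend:8080",
                       "X-Forwarded-Proto": "https",
                       "X-Forwarded-Host": "shop.example.com"})
SPOOFED = ("192.168.5.20", {"Host": "shop.example.com",
                            "X-Forwarded-Proto": "https",
                            "X-Forwarded-Host": "evil.example"})

if __name__ == "__main__":
    for peer, hdrs in (VIA_LB, SPOOFED):
        print(peer, resolve_origin(peer, hdrs), https_redirect(peer, hdrs, "/cart"))
```

ASP.NET Core's Forwarded Headers Middleware applies the same idea through its KnownProxies and KnownNetworks options.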

Slide 35

Slide 35 text

ON AIR: “How to pass secure data to the .NET Core web application that is running on Kubernetes?”