Security Patterns for Microservice Architectures

Подписаться 57 тыс.

Просмотров 21 тыс.

50% 1

Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This talk will examine well-known and often-used security patterns in the world of microservices.
Blog post: developer.okta.com/blog/2020/...
#Microservices #Security #WebSecurity
Table of Contents
3:05 1. Be Secure by Design
8:13 2. Scan Dependencies
11:03 3. Use HTTPS Everywhere
19:40 4. Use Access and Identity Tokens
25:06 5. Encrypt and Protect Secrets
27:01 6. Verify Security with Delivery Pipelines
30:12 7. Slow Down Attackers
31:08 8. Use Docker Rootless Mode
31:43 9. Use Time-Based Security
33:36 10. Scan Docker and Kubernetes Configuration for Vulnerabilities
35:15 11. Know Your Cloud and Cluster Security
-------------------------------------------------------------------------------------------------------------------------
Okta is a developer API service that stores user accounts for your web apps, mobile apps, and APIs.
* Sign up for Okta for free at developer.okta.com/signup/
* For more info visit us at developer.okta.com/
* Developer Blog: developer.okta.com/blog/
* Follow us on Twitter: / oktadev
* Follow us on FB: / oktadevelopers
* Follow us on LinkedIn: / oktadev

Наука

Опубликовано:

23 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 12

@JimShingler 4 года назад

Great overview. A couple of things I need to looking. Thank you

@DenisIstominRenoiro 2 года назад

Thanks for the video. Nice overview of the landscape of what matters in microservice security. It quite put all the things into places. Definitely worth sharing with my app security team mates

@himanshubhusanrath212 2 года назад

Awesome info. Thank you so much

@abiz504 2 года назад

Fantastic video thanks

@sujeeshsvalath 4 года назад

Great, thanks

@zhaowentao6036 4 года назад

Good slides.

@cjofre 4 года назад

wow! a 911 engine? very nice!

@stavsap 2 года назад

Is the book json web tokens the good part exist? Can’t find it anywhere

@ncflg7667 4 года назад

In the code example around ~18:15 you are setting an token from your javascript client code into the authorization header. This implies the token was either stored in an unsafe (not HttpOnly) cookie or in localStorage...not the best example when talking about security patterns...HttpOnly cookies with the secure flag is the only place where a token can be stored securely on the client side

@mraible 4 года назад

Good point. That's how I've implemented OAuth in JHipster (www.jhipster.tech). All the OAuth flows happen on the server-side.

@SchkuenteQoostewin 3 года назад

Got a Dodge 2013 Pursuit class Charger, call her Moonsong and will eat most "regular" vehicles on the road. She has a 5.7L HEMI....Wish it was a 6.3 Scat but hey she is fine.