Audiobook description
A complete guide to the challenges and solutions in securing microservices architectures.Massimo Siani, FinDynamic
Unlike traditional enterprise applications, Microservices applications are collections of independent components that function as a system. Securing the messages, queues, and API endpoints requires new approaches to security both in the infrastructure and the code. Microservices Security in Action teaches you how to address microservices-specific security challenges throughout the system. This practical guide includes plentiful hands-on exercises using industry-leading open-source tools and examples using Java and Spring Boot.
about the technology
Integrating independent services into a single system presents special security challenges in a microservices deployment. With proper planning, however, you can build in security from the start. Learn to create secure services and protect application data throughout development and deployment. As microservices continue to change enterprise application systems, developers and architects must learn to integrate security into their design and implementation. Because microservices are created as a system of independent components, each a possible point of failure, they can multiply the security risk. With proper planning, design, and implementation, you can reap the benefits of microservices while keeping your application data—and your company's reputation—safe!
about the book
Microservices Security in Action is filled with solutions, teaching best practices for throttling and monitoring, access control, and microservice-to-microservice communications. Detailed code samples, exercises, and real-world use cases help you put what you've learned into production. Along the way, authors and software security experts Prabath Siriwardena and Nuwan Dias shine a light on important concepts like throttling, analytics gathering, access control at the API gateway, and microservice-to-microservice communication. You'll also discover how to securely deploy microservices using state-of-the-art technologies including Kubernetes, Docker, and the Istio service mesh. Lots of hands-on exercises secure your learning as you go, and this straightforward guide wraps up with a security process review and best practices. When you're finished reading, you'll be planning, designing, and implementing microservices applications with the priceless confidence that comes with knowing they're secure!
what's inside
- Microservice security concepts
- Edge services with an API gateway
- Deployments with Docker, Kubernetes, and Istio
- Security testing at the code level
- Communications with HTTP, gRPC, and Kafka
about the audience
For experienced microservices developers with intermediate Java skills.
about the authors
Prabath Siriwardena is the vice president of security architecture at WSO2. Nuwan Dias is the director of API architecture at WSO2. They have designed secure systems for many Fortune 500 companies.
An indispensable roadmap... Touches on all the right topics in an order that makes sense.Andrew Bovill, Next Century
Full of code examples and detailed explanations regarding security that can help anyone secure services connected to the internet.
Gustavo Gomes, Brightcove
A book that should adorn the desk of every developer and architect developing software using the microservices architectural pattern.
Srihari Sridharan, athenahealth
NARRATED BY AIDEN HUMPHREYS
Table of contents
- Part 1. Overview
- Chapter 1. Microservices security landscape
- Chapter 2 First steps in securing microservices
- Part 2. Edge security
- Chapter 3 Securing north/south traffic with an API gateway
- Chapter 4 Accessing a secured microservice via a single-page application
- Chapter 5 Engaging throttling, monitoring, and access control
- Part 3. Service-to-service communications
- Chapter 6 Securing east/west traffic with certificates
- Chapter 7 Securing east/west traffic with JWT
- Chapter 8 Securing east/west traffic over gRPC
- Chapter 9 Securing reactive microservices
- Part 4. Secure deployment
- Chapter 10 Conquering container security with Docker
- Chapter 11 Securing microservices on Kubernetes
- Chapter 12 Securing microservices with Istio service mesh
- Part 5. Secure development
- Chapter 13 Secure coding practices and automation
- Appendix A OAuth 2.0 and OpenID Connect
- Appendix B JSON Web Token
- Appendix C Single-page application architecture
- Appendix D Observability in a microservices deployment
- Appendix E Docker Swarm
- Appendix F Open Policy Agent
- Appendix G Creating a certificate authority and related keys with OpenSSL
- Appendix H Secure Production Identity Framework for Everyone
- Appendix I gRPC fundamentals
- Appendix J Kubernetes fundamentals
- Appendix K Service mesh and Istio fundamentals
Product information
- Title: Microservices Security in Action
- Author(s):
- Release date: July 2020
- Publisher(s): Manning Publications
- ISBN: None
You might also like
book
Microservices Security in Action
Unlike traditional enterprise applications, Microservices applications are collections of independent components that function as a system. …
audiobook
API Security in Action
A comprehensive guide to designing and implementing secure services. A must-read book for all API practitioners …
book
API Security in Action
A web API is an efficient way to communicate with an application or service. However, this …
book
Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0
Know how to design and use identity management to protect your application and the data it …