Video description
In Video Editions the narrator reads the book while the content, figures, code listings, diagrams, and text appear on the screen. Like an audiobook that you can also watch as a video.
A complete guide to the challenges and solutions in securing microservices architectures.
Massimo Siani, FinDynamic
Unlike traditional enterprise applications, microservices applications are collections of independent components that function as a system. Securing the messages, queues, and API endpoints requires new approaches to security both in the infrastructure and the code. Microservices Security in Action teaches you how to address microservices-specific security challenges throughout the system. This practical guide includes plentiful hands-on exercises using industry-leading open-source tools and examples using Java and Spring Boot.
about the technology
Integrating independent services into a single system presents special security challenges in a microservices deployment. With proper planning, however, you can build in security from the start. Learn to create secure services and protect application data throughout development and deployment. As microservices continue to change enterprise application systems, developers and architects must learn to integrate security into their design and implementation. Because microservices are created as a system of independent components, each a possible point of failure, they can multiply the security risk. With proper planning, design, and implementation, you can reap the benefits of microservices while keeping your application data—and your company's reputation—safe!
about the book
Microservices Security in Action is filled with solutions, teaching best practices for throttling and monitoring, access control, and microservice-to-microservice communications. Detailed code samples, exercises, and real-world use cases help you put what you've learned into production. Along the way, authors and software security experts Prabath Siriwardena and Nuwan Dias shine a light on important concepts like throttling, analytics gathering, access control at the API gateway, and microservice-to-microservice communication. You'll also discover how to securely deploy microservices using state-of-the-art technologies including Kubernetes, Docker, and the Istio service mesh. Lots of hands-on exercises secure your learning as you go, and this straightforward guide wraps up with a security process review and best practices. When you're finished reading, you'll be planning, designing, and implementing microservices applications with the priceless confidence that comes with knowing they're secure!
what's inside
- Microservice security concepts
- Edge services with an API gateway
- Deployments with Docker, Kubernetes, and Istio
- Security testing at the code level
- Communications with HTTP, gRPC, and Kafka
about the audience
For experienced microservices developers with intermediate Java skills.
about the authors
Prabath Siriwardena is the vice president of security architecture at WSO2. Nuwan Dias is the director of API architecture at WSO2. They have designed secure systems for many Fortune 500 companies.
An indispensable roadmap... Touches on all the right topics in an order that makes sense.
Andrew Bovill, Next Century
Full of code examples and detailed explanations regarding security that can help anyone secure services connected to the internet.
Gustavo Gomes, Brightcove
A book that should adorn the desk of every developer and architect developing software using the microservices architectural pattern.
Srihari Sridharan, athenahealth
NARRATED BY AIDEN HUMPHREYS
Table of contents
- Part 1. Overview
- Chapter 1. Microservices security landscape
- Chapter 1 Challenges of securing microservices
- Chapter 1 Immutability of containers challenges how you maintain service credentials and access-control policies
- Chapter 1 Key security fundamentals
- Chapter 1 Confidentiality protects your systems from unintended information disclosure
- Chapter 1 Edge security
- Chapter 1 Securing service-to-service communication
- Chapter 1 Service-level authorization
- Chapter 1 Crossing trust boundaries
- Chapter 2 First steps in securing microservices
- Chapter 2 Accessing the Order Processing microservice
- Chapter 2 Setting up an OAuth 2.0 server
- Chapter 2 Getting an access token from the OAuth 2.0 authorization server
- Chapter 2 Securing a microservice with OAuth 2.0
- Chapter 2 Invoking a secured microservice from a client application
- Part 2. Edge security
- Chapter 3 Securing north/south traffic with an API gateway
- Chapter 3 Decoupling security from the microservice
- Chapter 3 Security at the edge
- Chapter 3 Why not basic authentication to secure APIs?
- Chapter 3 Setting up an API gateway with Zuul
- Chapter 3 Enforcing OAuth 2.0-based security at the Zuul gateway Pt 1
- Chapter 3 Enforcing OAuth 2.0-based security at the Zuul gateway Pt 2
- Chapter 3 Securing communication between Zuul and the microservice
- Chapter 4 Accessing a secured microservice via a single-page application
- Chapter 4 Looking behind the scenes of a single-page application
- Chapter 4 Setting up cross-origin resource sharing
- Chapter 4 Inspecting the source that allows cross-origin requests
- Chapter 4 Securing a SPA with OpenID Connect
- Chapter 4 Inspecting the code of the applications
- Chapter 4 Using federated authentication
- Chapter 5 Engaging throttling, monitoring, and access control
- Chapter 5 Fair usage policy for users
- Chapter 5 Maximum handling capacity of a microservice
- Chapter 5 Monitoring and analytics with Prometheus and Grafana
- Chapter 5 Enforcing access-control policies at the API gateway with Open Policy Agent
- Chapter 5 Evaluating OPA policies
- Part 3. Service-to-service communications
- Chapter 6 Securing east/west traffic with certificates
- Chapter 6 Creating certificates to secure access to microservices
- Chapter 6 Securing microservices with TLS
- Chapter 6 Engaging mTLS
- Chapter 6 Certificate revocation Pt 1
- Chapter 6 Certificate revocation Pt 2
- Chapter 6 Key rotation
- Chapter 7 Securing east/west traffic with JWT
- Chapter 7 Sharing user context with a new JWT for each service-to-service interaction
- Chapter 7 Self-issued JWTs
- Chapter 7 Setting up an STS to issue a JWT
- Chapter 7 Using JWT as a data source for access control
- Chapter 7 Exchanging a JWT for a new one with a new audience
- Chapter 8 Securing east/west traffic over gRPC
- Chapter 8 Securing gRPC service-to-service communications with mTLS
- Chapter 8 Securing gRPC service-to-service communications with JWT
- Chapter 9 Securing reactive microservices
- Chapter 9 Setting up Kafka as a message broker
- Chapter 9 Developing a microservice to push events to a Kafka topic
- Chapter 9 Using TLS to protect data in transit
- Chapter 9 Configuring TLS on the microservices
- Chapter 9 Using mTLS for authentication
- Chapter 9 Controlling access to Kafka topics with ACLs
- Chapter 9 Setting up NATS as a message broker
- Part 4. Secure deployment
- Chapter 10 Conquering container security with Docker
- Chapter 10 Managing secrets in a Docker container
- Chapter 10 Using Docker Content Trust to sign and verify Docker images
- Chapter 10 Signature verification with DCT
- Chapter 10 Running the Order Processing microservice on Docker
- Chapter 10 Running containers with limited privileges
- Chapter 10 Running Docker Bench for security
- Chapter 10 Enabling mTLS at the NGINX server to secure access to Docker APIs Pt 1
- Chapter 10 Enabling mTLS at the NGINX server to secure access to Docker APIs Pt 2
- Chapter 11 Securing microservices on Kubernetes
- Chapter 11 Managing secrets in a Kubernetes environment
- Chapter 11 Defining a ConfigMap for keystore credentials
- Chapter 11 Using Kubernetes Secrets
- Chapter 11 Running the Order Processing microservice in Kubernetes
- Chapter 11 Running the Inventory microservice in Kubernetes
- Chapter 11 Using role-based access control in Kubernetes
- Chapter 12 Securing microservices with Istio service mesh
- Chapter 12 Clean up any previous work
- Chapter 12 Enabling TLS termination at the Istio Ingress gateway
- Chapter 12 Deploying VirtualServices
- Chapter 12 Securing service-to-service communications with mTLS
- Chapter 12 Peer authentication and request authentication
- Chapter 12 Enforcing authorization
- Chapter 12 Testing end-to-end flow with RBAC
- Chapter 12 Managing keys in Istio
- Chapter 12 Key provisioning and rotation with SDS
- Part 5. Secure development
- Chapter 13 Secure coding practices and automation
- Chapter 13 Broken authentication
- Chapter 13 Lack of resources and rate limiting
- Chapter 13 Security misconfiguration
- Chapter 13 Running static code analysis
- Chapter 13 Integrating security testing with Jenkins
- Chapter 13 Setting up a build pipeline with Jenkins
- Chapter 13 Running dynamic analysis with OWASP ZAP
- Appendix A OAuth 2.0 and OpenID Connect
- Appendix A Actors of an OAuth 2.0 flow
- Appendix A Grant types
- Appendix A Resource owner password grant type
- Appendix A Authorization code grant type
- Appendix A Implicit grant type
- Appendix A Scopes bind capabilities to an OAuth 2.0 access token
- Appendix B JSON Web Token
- Appendix B What does a JWT look like?
- Appendix B JSON Web Signature
- Appendix C Single-page application architecture
- Appendix D Observability in a microservices deployment
- Appendix D The importance of tracing in observability
- Appendix E Docker Swarm
- Appendix E Docker fundamentals
- Appendix E Docker adding value to Linux containers
- Appendix E Installing Docker
- Appendix E Containerizing an application
- Appendix E Container name and container ID
- Appendix E Image name and image ID
- Appendix E Image layers
- Appendix E Deleting an image
- Appendix E Docker internal architecture
- Appendix E What is happening behind the scenes of docker run?
- Appendix F Open Policy Agent
- Appendix F Deploying OPA as a Docker container
- Appendix F External data
- Appendix F JSON Web Token
- Appendix F OPA integrations
- Appendix G Creating a certificate authority and related keys with OpenSSL
- Appendix H Secure Production Identity Framework for Everyone
- Appendix H The inspiration behind SPIFFE
- Appendix H How SPIRE works
- Appendix H SPIFFE Verifiable Identity Document
- Appendix I gRPC fundamentals
- Appendix I Understanding HTTP/2 and its benefits over HTTP/1.x
- Appendix I The different types of RPC available in gRPC
- Appendix J Kubernetes fundamentals
- Appendix J A Service: an abstraction over Kubernetes Pods
- Appendix J Getting started with Minikube and Docker Desktop
- Appendix J Creating a Kubernetes Deployment
- Appendix J Behind the scenes of a Service
- Appendix J Exploring the Kubernetes API server
- Appendix J Kubernetes internal communication
- Appendix J Managing configurations
- Appendix K Service mesh and Istio fundamentals
- Appendix K The Service Mesh architecture
- Appendix K Istio architecture
- Appendix K Istio data plane
- Appendix K Setting up Istio service mesh on Kubernetes
- Appendix K What Istio brings to a Kubernetes cluster
- Appendix K Setting up the Kubernetes deployment
- Appendix K Updating the Order Processing microservice with Istio configurations
Product information
- Title: Microservices Security in Action video edition
- Author(s): Prabath Siriwardena, Nuwan Dias
- Release date: July 2020
- Publisher(s): Manning Publications