APPSEC AND MICROSERVICES
Sam Newman
O’Reilly Software Architecture Conference, NYC 2016
@samnewman
https://www.flickr.com/photos/seattlemunicipalarchives/4058808950
https://www.flickr.com/photos/theseanster93/485390997/
http://map.norsecorp.com/
Accounts | Returns | Invoicing | Shipping | Inventory | Customer Service
Small autonomous services that work together, modelled around a business domain
https://www.flickr.com/photos/wwworks/2607036664/
https://www.flickr.com/photos/lkowen/15803718243/
Prevention | Detection | Response | Recovery
https://www.flickr.com/photos/adulau/15680439035/
https://www.flickr.com/photos/duanestorey/469163789/
https://www.schneier.com/paper-attacktrees-ddj-ft.html
Attack tree: Open Safe
  Open Safe
  ├─ Pick Lock
  ├─ Learn Combo
  │   ├─ Find Written Combo
  │   └─ Get Combo from the target
  │       ├─ Blackmail
  │       ├─ Threaten
  │       └─ Bribe
  └─ Cut Open
  Each leaf is marked Possible or Impossible (three of each on the slide).
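Schneier's paper evaluates a tree like this by propagating each leaf's judgement upwards: an OR node is possible if any child is, and the cheapest possible child gives its cost. The Go program below is an added illustration, not code from the talk. It encodes the slide's tree and applies that rule; the Possible/Impossible marks and the costs on the leaves are constructed for the example, because the slide shows only that three leaves carry each mark, not which. It also goes one step beyond the slide by supporting AND nodes (all children must succeed, costs add), which Schneier's paper uses for multi-step attacks.

```go
package main

import "fmt"

// Node is one node of an attack tree. Leaves carry the analyst's judgement
// (Possible or Impossible, plus an estimated cost); interior nodes combine
// their children: an OR node succeeds if any child does, an AND node only
// if every child does.
type Node struct {
	Name     string
	And      bool // true for an AND node, false for OR (ignored on leaves)
	Possible bool // leaf judgement
	Cost     int  // leaf cost estimate, arbitrary units
	Children []*Node
}

// Result is the judgement propagated up to a node: whether the goal is
// reachable, the cheapest cost of reaching it, and the nodes on that path.
type Result struct {
	Possible bool
	Cost     int
	Path     []string
}

// Evaluate walks the tree bottom-up. OR: possible if any child is, keeping
// the cheapest possible child. AND: possible only if all children are, with
// their costs summed. This is the propagation rule from Schneier's paper.
func Evaluate(n *Node) Result {
	if len(n.Children) == 0 {
		if !n.Possible {
			return Result{}
		}
		return Result{Possible: true, Cost: n.Cost, Path: []string{n.Name}}
	}
	if n.And {
		total := Result{Possible: true, Path: []string{n.Name}}
		for _, c := range n.Children {
			r := Evaluate(c)
			if !r.Possible {
				return Result{} // one impossible step blocks the whole AND
			}
			total.Cost += r.Cost
			total.Path = append(total.Path, r.Path...)
		}
		return total
	}
	best := Result{}
	for _, c := range n.Children {
		r := Evaluate(c)
		if r.Possible && (!best.Possible || r.Cost < best.Cost) {
			best = r
		}
	}
	if best.Possible {
		best.Path = append([]string{n.Name}, best.Path...)
	}
	return best
}

// Small constructors to keep the tree literal readable.
func Leaf(name string, possible bool, cost int) *Node {
	return &Node{Name: name, Possible: possible, Cost: cost}
}
func Or(name string, kids ...*Node) *Node  { return &Node{Name: name, Children: kids} }
func And(name string, kids ...*Node) *Node { return &Node{Name: name, And: true, Children: kids} }

// OpenSafeTree has the structure of the slide's tree. The leaf judgements and
// costs are constructed for this example; the slide does not say which leaves
// are Possible, only that three are and three are not.
func OpenSafeTree() *Node {
	return Or("Open Safe",
		Leaf("Pick Lock", false, 0),
		Or("Learn Combo",
			Leaf("Find Written Combo", false, 0),
			Or("Get Combo from the target",
				Leaf("Blackmail", false, 0),
				Leaf("Threaten", true, 60),
				Leaf("Bribe", true, 20),
			),
		),
		Leaf("Cut Open", true, 100),
	)
}

func main() {
	r := Evaluate(OpenSafeTree())
	fmt.Printf("possible=%v cheapest=%d via %v\n", r.Possible, r.Cost, r.Path)
}
```

The value of the exercise for a defender is the path the evaluation returns: the cheapest route to the root is where a countermeasure changes the tree the most, and re-running the evaluation after marking that leaf Impossible shows what the next-cheapest route becomes.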
Example system: Music Web Shop
  Clients: Web browsers, Mobile app
  Services: Catalog service, Recommend service, User service, Royalty Payment Gateway
Transport Security
HTTPS Everywhere!
BENEFITS OF HTTPS?
▫︎Server guarantees!
▫︎Payload not manipulated…
▫︎…but no client guarantee and…
▫︎…certificates can be a pain
https://letsencrypt.org/
CLIENT-SIDE CERTIFICATES?
▫︎Client guarantees!
▫︎…but a PITA to manage…
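Read together, the HTTPS list and the client-certificate list above say: plain HTTPS lets the caller verify the server and protects the payload in transit, while the guarantee about who the client is comes only from client-side certificates. The Go program below is an added example, not code from the talk, and shows both halves on a loopback HTTPS server standing in for the User service: an ordinary HTTPS client verifies the server but is rejected because it presents no certificate, and a client holding a certificate from the same internal CA is accepted. The CA, the service names and every certificate are throwaway values generated in-process for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

var serial int64 // incrementing serial number for the throwaway certificates

// makeCert issues a certificate for name. With parent == nil it is self-signed
// (the CA); otherwise it is signed by parent using parentKey.
func makeCert(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		IPAddresses:           []net.IP{net.IPv4(127, 0, 0, 1)}, // httptest listens on loopback
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

func pair(c *x509.Certificate, k *ecdsa.PrivateKey) tls.Certificate {
	return tls.Certificate{Certificate: [][]byte{c.Raw}, PrivateKey: k}
}

// Demo runs a user service over HTTPS that requires a client certificate from
// the internal CA. It returns the status seen by a client that presents one
// and the error seen by a client that does not.
func Demo() (withCertStatus int, withoutCertErr error) {
	ca, caKey := makeCert("example-internal-ca", true, nil, nil)
	srvCert, srvKey := makeCert("user-service", false, ca, caKey)
	cliCert, cliKey := makeCert("music-web-shop", false, ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)

	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// The caller's identity is what the TLS layer verified, not a header it sent.
		fmt.Fprintf(w, "hello %s", r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{
		Certificates: []tls.Certificate{pair(srvCert, srvKey)},
		ClientAuth:   tls.RequireAndVerifyClientCert, // this is the client guarantee
		ClientCAs:    pool,
	}
	srv.StartTLS()
	defer srv.Close()

	// Ordinary HTTPS: the client verifies the server (server guarantee) but
	// offers no identity of its own, so the server refuses the connection.
	anon := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}
	if resp, err := anon.Get(srv.URL); err != nil {
		withoutCertErr = err
	} else {
		resp.Body.Close()
	}

	// Mutual TLS: the client also presents a certificate from the internal CA.
	auth := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{
		RootCAs: pool, Certificates: []tls.Certificate{pair(cliCert, cliKey)},
	}}}
	resp, err := auth.Get(srv.URL)
	if err != nil {
		panic(err)
	}
	resp.Body.Close()
	return resp.StatusCode, withoutCertErr
}

func main() {
	status, err := Demo()
	fmt.Println("with client certificate:", status)
	fmt.Println("without client certificate:", err)
}
```

The "PITA to manage" part is visible even here: every service needs its own issued certificate and the server needs the CA bundle, and in a real fleet those have to be rotated before they expire, which is the job tooling such as the Lemur link below exists to do.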
http://techblog.netflix.com/2015/09/introducing-lemur.html
Auth?
Web browsers → (Form Auth / OAuth) → Music Web Shop → User service
Confused Deputy Problem!
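The slide names the problem without spelling out a fix. The Go code below is an added example, not from the talk, with constructed data. The first function is the deputy pattern: the User service checks only which service is calling and then returns whatever user the caller names, so a logged-in user who can get the shop to ask for someone else's ID borrows the shop's authority. The second passes the end user's identity downstream as a signed token issued at login, and the User service answers for the token's subject only. The HMAC token, shared key and service allowlist stand in for whatever token format and transport identity (for example client certificates) a real system would use.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample data: the user service's order store, keyed by user ID.
var orders = map[string][]string{
	"alice": {"order-1001"},
	"bob":   {"order-2002", "order-2003"},
}

// serviceAllowlist stands in for transport-level service identity (such as a
// client certificate): the web shop is a trusted caller of the user service.
var serviceAllowlist = map[string]bool{"music-web-shop": true}

// OrdersTrustingCaller is the confused-deputy version. The user service checks
// only *which service* is calling and then returns whatever user the caller
// names, so the shop's authority is exercised on behalf of anyone who can get
// the shop to forward a different user ID.
func OrdersTrustingCaller(callerService, requestedUser string) ([]string, error) {
	if !serviceAllowlist[callerService] {
		return nil, errors.New("unknown calling service")
	}
	return orders[requestedUser], nil
}

// issuerKey is shared by the login step and the user service. It is a
// constructed value for the example; a real system would use a proper token
// format with key rotation.
var issuerKey = []byte("example-shared-secret-do-not-use")

// IssueUserToken is what a successful Form/OAuth login produces: the user ID
// bound to an HMAC, so downstream services can verify the original principal.
// User IDs are assumed not to contain '.', which separates ID and tag.
func IssueUserToken(userID string) string {
	mac := hmac.New(sha256.New, issuerKey)
	mac.Write([]byte(userID))
	return userID + "." + hex.EncodeToString(mac.Sum(nil))
}

// verifyUserToken checks the tag in constant time and returns the subject.
func verifyUserToken(token string) (string, error) {
	parts := strings.SplitN(token, ".", 2)
	if len(parts) != 2 {
		return "", errors.New("malformed token")
	}
	mac := hmac.New(sha256.New, issuerKey)
	mac.Write([]byte(parts[0]))
	want, err := hex.DecodeString(parts[1])
	if err != nil || !hmac.Equal(want, mac.Sum(nil)) {
		return "", errors.New("bad token signature")
	}
	return parts[0], nil
}

// OrdersWithUserContext still requires a trusted calling service, but takes
// the user identity from the verified token rather than from a parameter the
// caller fills in, so the shop cannot be steered into fetching another user's
// data.
func OrdersWithUserContext(callerService, userToken string) ([]string, error) {
	if !serviceAllowlist[callerService] {
		return nil, errors.New("unknown calling service")
	}
	subject, err := verifyUserToken(userToken)
	if err != nil {
		return nil, err
	}
	return orders[subject], nil
}

func main() {
	// Deputy version: alice is logged into the shop, but the shop forwards the
	// user ID from her request, so asking for "bob" returns bob's orders.
	got, _ := OrdersTrustingCaller("music-web-shop", "bob")
	fmt.Println("trusting caller, asked for bob:", got)

	// Hardened version: the shop forwards alice's token; the user service
	// answers for the token's subject regardless of what the request claims.
	got, err := OrdersWithUserContext("music-web-shop", IssueUserToken("alice"))
	fmt.Println("with user context:", got, err)
}
```

The design point is that checking the calling service and checking the end user are two different questions; the hardened function asks both, and the second answer comes from something the login step signed rather than from the request body.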
Data At Rest?
Patch Your Stuff
Prevention | Detection | Response | Recovery
https://www.qualys.com/research/top10/
https://www.modsecurity.org/
Example system again, now with a Royalty service in place of the payment gateway: Catalog service, Recommend service, Royalty service, User service; clients Web browsers, Mobile app
PERIMETER SECURITY!
Polyglot = more stuff to track!
Polyglot = more things to break?
Prevention | Detection | Response | Recovery
http://krebsonsecurity.com/tag/target-data-breach/
Comms
https://en.wikipedia.org/wiki/Chicago_Tylenol_murders
Prevention | Detection | Response | Recovery
Backups
Burn it all down
Harder with microservices?
Prevention | Detection | Response | Recovery
Sam Newman
Building Microservices: Designing Fine-Grained Systems
http://buildingmicroservices.com/
http://magpietalkshow.com/
http://samnewman.io/
snewman@thoughtworks.com
THANKS!
