Skip to content
O'Reilly home
Learning Path

Building Secure Microservices Architectures

Time to complete: 2h 35m

Published byO'Reilly Media, Inc.

CreatedApril 2018

One of the most popular trends in IT today is organizations making the move from monolithic enterprise applications to microservice architectures. In this paradigm, applications are composed of many small, single-purpose elements, or microservices, that communicate and interact with one another to form a complete, functional application. Microservice architectures make it easier to scale your application and team; allow you to use a variety of technologies that best suit individual microservice goals; and are ideal for Agile development environments, making it possible for you to ship features more quickly. But, they can also create serious challenges, such as ensuring that the systems you create are secure. When done well, microservice architectures can be significantly more secure than other types of software, but if approached naively, you can end up with a less-secure, more vulnerable system.

In this learning path, presented by renowned consultant, speaker, and author Sam Newman, you will learn to build secure microservice architectures from the ground up. Designed for intermediate-level developers who understand what microservices are and have some experience working with distributed systems, you will explore which frameworks work best to create secure microservices and how to implement effective authorization and authentication schemas, among other things.

What you’ll learn—and how you can apply it

  • Discover the best framework to use when considering the security aspects of microservices
  • Learn how to handle authorization and authentication, transport security, and patch hygiene
  • Explore new technologies that help implement secure distributed systems in easier ways

This learning path is for you because…

  • You're building or are considering making the move to a microservice architecture
  • Your application handles sensitive data and you want to ensure that you’re taking the right steps to properly secure your application from intrusion
  • You want your team to adopt a mindset that places an emphasis on building security into your applications from the beginning


  • A working understanding of what microservices are is very useful, but not essential (if you don’t yet have much experience or familiarity with microservices, we suggest that you first participate in the learning path The Principles of Microservices)
  • Experience working with any sort of distributed system is a plus, but not a requirement
  • No prior knowledge of application security is required

Materials or downloads needed in advance: None