Microservices Security in Action video edition

Video description

In Video Editions the narrator reads the book while the content, figures, code listings, diagrams, and text appear on the screen. Like an audiobook that you can also watch as a video.

A complete guide to the challenges and solutions in securing microservices architectures.
Massimo Siani, FinDynamic

Unlike traditional enterprise applications, microservices applications are collections of independent components that function as a system. Securing the messages, queues, and API endpoints requires new approaches to security both in the infrastructure and the code. Microservices Security in Action teaches you how to address microservices-specific security challenges throughout the system. This practical guide includes plentiful hands-on exercises using industry-leading open-source tools and examples using Java and Spring Boot.

about the technology

Integrating independent services into a single system presents special security challenges in a microservices deployment. With proper planning, however, you can build in security from the start. Learn to create secure services and protect application data throughout development and deployment. As microservices continue to change enterprise application systems, developers and architects must learn to integrate security into their design and implementation. Because microservices are created as a system of independent components, each a possible point of failure, they can multiply the security risk. With proper planning, design, and implementation, you can reap the benefits of microservices while keeping your application data—and your company's reputation—safe!

about the book

Microservices Security in Action is filled with solutions, teaching best practices for throttling and monitoring, access control, and microservice-to-microservice communications. Detailed code samples, exercises, and real-world use cases help you put what you've learned into production. Along the way, authors and software security experts Prabath Siriwardena and Nuwan Dias shine a light on important concepts like throttling, analytics gathering, access control at the API gateway, and microservice-to-microservice communication. You'll also discover how to securely deploy microservices using state-of-the-art technologies including Kubernetes, Docker, and the Istio service mesh. Lots of hands-on exercises secure your learning as you go, and this straightforward guide wraps up with a security process review and best practices. When you're finished reading, you'll be planning, designing, and implementing microservices applications with the priceless confidence that comes with knowing they're secure!

what's inside

  • Microservice security concepts
  • Edge services with an API gateway
  • Deployments with Docker, Kubernetes, and Istio
  • Security testing at the code level
  • Communications with HTTP, gRPC, and Kafka

about the audience

For experienced microservices developers with intermediate Java skills.

about the authors

Prabath Siriwardena is the vice president of security architecture at WSO2. Nuwan Dias is the director of API architecture at WSO2. They have designed secure systems for many Fortune 500 companies.

An indispensable roadmap... Touches on all the right topics in an order that makes sense.
Andrew Bovill, Next Century

Full of code examples and detailed explanations regarding security that can help anyone secure services connected to the internet.
Gustavo Gomes, Brightcove

A book that should adorn the desk of every developer and architect developing software using the microservices architectural pattern.
Srihari Sridharan, athenahealth

NARRATED BY AIDEN HUMPHREYS

Table of contents

  1. Part 1. Overview
  2. Chapter 1 Microservices security landscape
  3. Chapter 1 Challenges of securing microservices
  4. Chapter 1 Immutability of containers challenges how you maintain service credentials and access-control policies
  5. Chapter 1 Key security fundamentals
  6. Chapter 1 Confidentiality protects your systems from unintended information disclosure
  7. Chapter 1 Edge security
  8. Chapter 1 Securing service-to-service communication
  9. Chapter 1 Service-level authorization
  10. Chapter 1 Crossing trust boundaries
  11. Chapter 2 First steps in securing microservices
  12. Chapter 2 Accessing the Order Processing microservice
  13. Chapter 2 Setting up an OAuth 2.0 server
  14. Chapter 2 Getting an access token from the OAuth 2.0 authorization server
  15. Chapter 2 Securing a microservice with OAuth 2.0
  16. Chapter 2 Invoking a secured microservice from a client application
  17. Part 2. Edge security
  18. Chapter 3 Securing north/south traffic with an API gateway
  19. Chapter 3 Decoupling security from the microservice
  20. Chapter 3 Security at the edge
  21. Chapter 3 Why not basic authentication to secure APIs?
  22. Chapter 3 Setting up an API gateway with Zuul
  23. Chapter 3 Enforcing OAuth 2.0-based security at the Zuul gateway Pt 1
  24. Chapter 3 Enforcing OAuth 2.0-based security at the Zuul gateway Pt 2
  25. Chapter 3 Securing communication between Zuul and the microservice
  26. Chapter 4 Accessing a secured microservice via a single-page application
  27. Chapter 4 Looking behind the scenes of a single-page application
  28. Chapter 4 Setting up cross-origin resource sharing
  29. Chapter 4 Inspecting the source that allows cross-origin requests
  30. Chapter 4 Securing a SPA with OpenID Connect
  31. Chapter 4 Inspecting the code of the applications
  32. Chapter 4 Using federated authentication
  33. Chapter 5 Engaging throttling, monitoring, and access control
  34. Chapter 5 Fair usage policy for users
  35. Chapter 5 Maximum handling capacity of a microservice
  36. Chapter 5 Monitoring and analytics with Prometheus and Grafana
  37. Chapter 5 Enforcing access-control policies at the API gateway with Open Policy Agent
  38. Chapter 5 Evaluating OPA policies
  39. Part 3. Service-to-service communications
  40. Chapter 6 Securing east/west traffic with certificates
  41. Chapter 6 Creating certificates to secure access to microservices
  42. Chapter 6 Securing microservices with TLS
  43. Chapter 6 Engaging mTLS
  44. Chapter 6 Certificate revocation Pt 1
  45. Chapter 6 Certificate revocation Pt 2
  46. Chapter 6 Key rotation
  47. Chapter 7 Securing east/west traffic with JWT
  48. Chapter 7 Sharing user context with a new JWT for each service-to-service interaction
  49. Chapter 7 Self-issued JWTs
  50. Chapter 7 Setting up an STS to issue a JWT
  51. Chapter 7 Using JWT as a data source for access control
  52. Chapter 7 Exchanging a JWT for a new one with a new audience
  53. Chapter 8 Securing east/west traffic over gRPC
  54. Chapter 8 Securing gRPC service-to-service communications with mTLS
  55. Chapter 8 Securing gRPC service-to-service communications with JWT
  56. Chapter 9 Securing reactive microservices
  57. Chapter 9 Setting up Kafka as a message broker
  58. Chapter 9 Developing a microservice to push events to a Kafka topic
  59. Chapter 9 Using TLS to protect data in transit
  60. Chapter 9 Configuring TLS on the microservices
  61. Chapter 9 Using mTLS for authentication
  62. Chapter 9 Controlling access to Kafka topics with ACLs
  63. Chapter 9 Setting up NATS as a message broker
  64. Part 4. Secure deployment
  65. Chapter 10 Conquering container security with Docker
  66. Chapter 10 Managing secrets in a Docker container
  67. Chapter 10 Using Docker Content Trust to sign and verify Docker images
  68. Chapter 10 Signature verification with DCT
  69. Chapter 10 Running the Order Processing microservice on Docker
  70. Chapter 10 Running containers with limited privileges
  71. Chapter 10 Running Docker Bench for security
  72. Chapter 10 Enabling mTLS at the NGINX server to secure access to Docker APIs Pt 1
  73. Chapter 10 Enabling mTLS at the NGINX server to secure access to Docker APIs Pt 2
  74. Chapter 11 Securing microservices on Kubernetes
  75. Chapter 11 Managing secrets in a Kubernetes environment
  76. Chapter 11 Defining a ConfigMap for keystore credentials
  77. Chapter 11 Using Kubernetes Secrets
  78. Chapter 11 Running the Order Processing microservice in Kubernetes
  79. Chapter 11 Running the Inventory microservice in Kubernetes
  80. Chapter 11 Using role-based access control in Kubernetes
  81. Chapter 12 Securing microservices with Istio service mesh
  82. Chapter 12 Clean up any previous work
  83. Chapter 12 Enabling TLS termination at the Istio Ingress gateway
  84. Chapter 12 Deploying VirtualServices
  85. Chapter 12 Securing service-to-service communications with mTLS
  86. Chapter 12 Peer authentication and request authentication
  87. Chapter 12 Enforcing authorization
  88. Chapter 12 Testing end-to-end flow with RBAC
  89. Chapter 12 Managing keys in Istio
  90. Chapter 12 Key provisioning and rotation with SDS
  91. Part 5. Secure development
  92. Chapter 13 Secure coding practices and automation
  93. Chapter 13 Broken authentication
  94. Chapter 13 Lack of resources and rate limiting
  95. Chapter 13 Security misconfiguration
  96. Chapter 13 Running static code analysis
  97. Chapter 13 Integrating security testing with Jenkins
  98. Chapter 13 Setting up a build pipeline with Jenkins
  99. Chapter 13 Running dynamic analysis with OWASP ZAP
  100. Appendix A OAuth 2.0 and OpenID Connect
  101. Appendix A Actors of an OAuth 2.0 flow
  102. Appendix A Grant types
  103. Appendix A Resource owner password grant type
  104. Appendix A Authorization code grant type
  105. Appendix A Implicit grant type
  106. Appendix A Scopes bind capabilities to an OAuth 2.0 access token
  107. Appendix B JSON Web Token
  108. Appendix B What does a JWT look like?
  109. Appendix B JSON Web Signature
  110. Appendix C Single-page application architecture
  111. Appendix D Observability in a microservices deployment
  112. Appendix D The importance of tracing in observability
  113. Appendix E Docker Swarm
  114. Appendix E Docker fundamentals
  115. Appendix E Docker adding value to Linux containers
  116. Appendix E Installing Docker
  117. Appendix E Containerizing an application
  118. Appendix E Container name and container ID
  119. Appendix E Image name and image ID
  120. Appendix E Image layers
  121. Appendix E Deleting an image
  122. Appendix E Docker internal architecture
  123. Appendix E What is happening behind the scenes of docker run?
  124. Appendix F Open Policy Agent
  125. Appendix F Deploying OPA as a Docker container
  126. Appendix F External data
  127. Appendix F JSON Web Token
  128. Appendix F OPA integrations
  129. Appendix G Creating a certificate authority and related keys with OpenSSL
  130. Appendix H Secure Production Identity Framework for Everyone
  131. Appendix H The inspiration behind SPIFFE
  132. Appendix H How SPIRE works
  133. Appendix H SPIFFE Verifiable Identity Document
  134. Appendix I gRPC fundamentals
  135. Appendix I Understanding HTTP/2 and its benefits over HTTP/1.x
  136. Appendix I The different types of RPC available in gRPC
  137. Appendix J Kubernetes fundamentals
  138. Appendix J A Service: an abstraction over Kubernetes Pods
  139. Appendix J Getting started with Minikube and Docker Desktop
  140. Appendix J Creating a Kubernetes Deployment
  141. Appendix J Behind the scenes of a Service
  142. Appendix J Exploring the Kubernetes API server
  143. Appendix J Kubernetes internal communication
  144. Appendix J Managing configurations
  145. Appendix K Service mesh and Istio fundamentals
  146. Appendix K The Service Mesh architecture
  147. Appendix K Istio architecture
  148. Appendix K Istio data plane
  149. Appendix K Setting up Istio service mesh on Kubernetes
  150. Appendix K What Istio brings to a Kubernetes cluster
  151. Appendix K Setting up the Kubernetes deployment
  152. Appendix K Updating the Order Processing microservice with Istio configurations

Product information

  • Title: Microservices Security in Action video edition
  • Author(s): Prabath Siriwardena, Nuwan Dias
  • Release date: July 2020
  • Publisher(s): Manning Publications