The next level is our middleware. It is the central point through which all services pass. We need to make sure that the middleware is secured and not exposed to risk, because it holds various configured parameters, such as messaging middleware and database access, and so on:
- Do we follow the least privilege principle, or is a single database login shared across all services?
- Does each service have access to only the data that it needs?
- If an intruder gets access to service database credentials, how much data access will they get?
- Do we have a single messaging middleware across all services?
- Does the messaging middleware or service bus have login credentials?
- Does the legacy system put the microservice system at risk? ...
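The database and message-bus questions above can be checked mechanically against a credential inventory. The following Python audit is an added example, not code from the original text; the inventory format and every service, login and table name in it are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: service, login and table names are hypothetical.
SERVICES = {
    "orders":   {"db_login": "app_rw", "needs": {"orders"}, "broker_login": "bus"},
    "payments": {"db_login": "app_rw", "needs": {"payments"}, "broker_login": "bus"},
    "catalog":  {"db_login": "catalog_ro", "needs": {"products"}, "broker_login": None},
}
# Tables each database login is granted access to (constructed).
GRANTS = {
    "app_rw": {"orders", "payments", "customers", "products"},
    "catalog_ro": {"products"},
}

def audit(services, grants):
    """Return (finding, subject, detail) tuples for the checklist questions."""
    findings = []
    db_users, broker_users = defaultdict(list), defaultdict(list)
    for name, svc in sorted(services.items()):
        db_users[svc["db_login"]].append(name)
        # Does the service reach only the data it needs?
        excess = grants.get(svc["db_login"], set()) - svc["needs"]
        if excess:
            findings.append(("excess-data-access", name, sorted(excess)))
        # Does the service authenticate to the message bus at all?
        if svc["broker_login"] is None:
            findings.append(("broker-without-credentials", name, []))
        else:
            broker_users[svc["broker_login"]].append(name)
    # One login reused by several services breaks least privilege.
    for login, users in sorted(db_users.items()):
        if len(users) > 1:
            findings.append(("shared-db-login", login, users))
    for login, users in sorted(broker_users.items()):
        if len(users) > 1:
            findings.append(("shared-broker-login", login, users))
    return findings

def blast_radius(login, services, grants):
    """Tables and services exposed if this database credential leaks."""
    return {
        "tables": sorted(grants.get(login, set())),
        "services": sorted(n for n, s in services.items() if s["db_login"] == login),
    }

if __name__ == "__main__":
    for finding in audit(SERVICES, GRANTS):
        print(finding)
    print(blast_radius("app_rw", SERVICES, GRANTS))
```

`blast_radius` answers the intruder question directly: in this constructed inventory, a leaked `app_rw` credential exposes four tables across two services, while `catalog_ro` exposes only the one table its service needs.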