We will begin at the very core—our microservice. Whenever we write any microservice to satisfy any business capability, once it is designed, we need to take care of whether the service is exposed to any vulnerabilities or not. The following questions can be asked to get a general idea about security at the application level:
- Is the system properly secured at all places or just at the boundaries?
- If an intruder sneaks in, is the system powerful enough to detect that intruder and throw him out?
- How easy is it for an intruder to get inside the network by mimicking the usual behavior, get access to traffic, or overload traffic?
- Does each microservice trust other microservices even if they call them too much? ...