Insecure Transit - Microservice Security
Offered By: NDC Conferences via YouTube
Course Description
Overview
Explore a comprehensive conference talk on microservice security, delving into technical challenges and solutions for securing distributed architectures. Learn about protecting systems in depth, addressing network information flow concerns, and implementing advanced security measures. Discover key concepts such as secret stores, time-limited credentials, backups, confused deputy problems, JWT tokens, and service meshes. Gain insights into assessing risks, managing passwords, handling vulnerabilities, and implementing HTTPS and certificate management. Understand modern deployment stacks, threat modeling, and common security concerns in microservice environments. Master techniques for building secure microservice architectures that surpass traditional monolithic systems in terms of protection and scalability.
Syllabus
Introduction
Welcome
Sam Newman
Assessing risk
Verizon Data Breach Report
NIST
Longer passwords
Short passwords
Password managers
Code Spaces
API Keys
Credentials
Passwords
Secret Stores
Vault
Console Template
Known vulnerabilities
Equifax
Russian Doll
Modern Deployment Stack
Snick
Threat Modeling
HTTPS Everywhere
Server guarantees
Client guarantees
Serverside certificate management
Clientside certificate management
Certificate management
Mutual TLS
Neutral TLS
The Problem
Demo
Confusing Deputy Problem
JWT Tokens
Service Mesh
Netflix
Sidecar
Service meshes
Common concerns
MutualTLS
Summary
Taught by
NDC Conferences
Related Courses
Менеджмент информационной безопасностиHigher School of Economics via Coursera Planning a Security Incident Response
Microsoft via edX Identifying Security Vulnerabilities
University of California, Davis via Coursera Secure Coding Practices
University of California, Davis via Coursera Atlas Security
MongoDB University