Topics of Interest - Attacking the Microservice Systems - Methods and Practical Tips

Explore methods and practical tips for attacking microservice systems in this 30-minute OWASP Foundation conference talk. Delve into the security challenges posed by microservice architecture in cloud-based and on-premise infrastructures. Learn how to conduct basic security assessments of microservice-based systems to identify specific vulnerabilities. Gain insights from research extracted during multiple security assessments, structured and contributed to the OWASP community. Cover topics including architecture assessment, features to analyze, security checks, third-party JS library issues, GitHub access token leakage, and authorization features. Examine a microservice security design assessment checklist and walk away with valuable takeaways for enhancing your understanding of microservice system vulnerabilities and protection strategies.

Introduction
Motivation
Architecture
Architecture Assessment
What features to analyze
What you should check
Thirdparty JS library issue
GitHub access token leakage
Authorization features
Microservice Security Design Assessment Checklist
Takeaways