Microservices Security
Security breaches can be very costly, with consequences ranging from loss of revenue and reputational damage to even bankruptcy. In this course, you will learn how to navigate the unique security challenges of a microservice architecture.
What you'll learn
Microservices can provide a lot of flexibility and benefits to your application and organization. Security breaches can be very costly, with consequences ranging from loss of revenue and reputational damage to possibly bankruptcy, so it is of utmost importance that you get security right. In this course, Microservices Security Fundamentals, you will learn the best practices, principles, standards, and patterns to effectively design and implement security solutions for your desired microservices architecture. First, you will learn about the key challenges of securing microservices vs. traditional monolithic applications. Next, you will discover the various security patterns and techniques you can use to address these challenges, focusing on edge and service-to-service security, single-page vs. multi-page applications, monitoring, alerting, and throttling. Finally, you will explore threat modeling techniques and how to foster a security culture within your microservices teams. When you finish this course, you will have the skills and knowledge to design and implement the secure microservices required to protect your organization and users.
Table of contents
- Module Introduction 1m
- Challenges with Edge Security 4m
- API Gateway: Exposing Your API Securely 3m
- Should You Consider Basic Authentication? 2m
- Authenticating Clients with Certificates 3m
- Introducing Tokens 3m
- Leveraging a Security Token Service 4m
- By-references vs. By-value Tokens 3m
- JSON Web Tokens 5m
- Delegated Authorization with OAuth2 6m
- The Reasons for OpenID Connect 7m
- Options for an API Gateway and Authorization Server 3m
- Module Wrap Up 2m
- Module Introduction 4m
- Mutual Transport Layer Security 5m
- A Closer Look at the Trust Bootstrap Problem 3m
- Introducing the Demo 4m
- Using Tokens 4m
- OAuth2 Token Exchange 3m
- Sharing User Context between Your Microservices 4m
- Non-repudiation with Self-issued and Nested JWTs 2m
- Service to Service with OAuth2 Client Credentials Flow 2m
- Scope Based Authorization with OAuth2 3m
- Claims Based Access Control 2m
- Authorization as a Service 3m
- Module Wrap Up 2m