Microservices Security In Action

By Prabath Siriwardena and Nuwan Dias

NOTE: While writing the book we wanted to mostly focus on the concepts, as the concrete technologies used to implement the concepts are constantly changing and we wanted to keep them as much as simple. So we decided to use Spring Boot to implement the OAuth 2.0 authorization server used in the samples of the book. However in practice you may use Keycloak, Auth0, Okta, WSO2, and so on as your authorization server.

Spring Boot has deprecated AuthorizationServerConfigurerAdapter, ClientDetailsServiceConfigurer, and AuthorizationServerSecurityConfigurer classes, which we used to implement the authorization server, which we will surely update in the next edition of the book and will also update the github project even before that. However, we expect this will not distract the readers that much, because we don't expect them to implement an authorization server.

PART 1 OVERVIEW

1 ■ Microservices security landscape

2 ■ First steps in securing microservices

9 ■ Securing reactive microservices

PART 4 SECURE DEPLOYMENT

10 ■ Conquering container security with Docker

11 ■ Securing microservices on Kubernetes

12 ■ Securing microservices with Istio service mesh

PART 5 SECURE DEVELOPMENT

13 ■ Secure coding practices and automation

APPENDICES

A ■ OAuth 2.0 and OpenID Connect

B ■ JSON Web Token

C ■ Single-page application architecture

D ■ Observability in a microservices deployment

E ■ Docker fundamentals

F ■ Open Policy Agent

G ■ Creating a certificate authority and related keys with OpenSSL

H ■ Secure Production Identity Framework for Everyone

I ■ gRPC fundamentals

J ■ Kubernetes fundamentals

K ■ Service mesh and Istio fundamentals

About

Microservices Security in Action Book Samples

Languages

Language:Java 81.4%Language:TypeScript 7.3%Language:Shell 7.1%Language:JavaScript 1.6%Language:Open Policy Agent 1.5%Language:Dockerfile 0.6%Language:HTML 0.4%Language:CSS 0.1%

vkbiu / samples