preface
acknowledgments
about this book
about the authors
about the cover illustration
Part 1. Overview
1 Microservices security landscape
How security works in a monolithic application
Challenges of securing microservices
The broader the attack surface, the higher the risk of attack
Distributed security screening may result in poor performance
Deployment complexities make bootstrapping trust among microservices a nightmare
Requests spanning multiple microservices are harder to trace
Immutability of containers challenges how you maintain service credentials and access-control policies
The distributed nature of microservices makes sharing user context harder
Polyglot architecture demands more security expertise on each development team
Key security fundamentals
Authentication protects your system against spoofing
Integrity protects your system from data tampering
Nonrepudiation: Do it once, and you own it forever
Confidentiality protects your systems from unintended information disclosure
Availability: Keep the system running, no matter what
Authorization: Nothing more than you’re supposed to do
Edge security
The role of an API gateway in a microservices deployment