chapter three
3 Service-to-service communication
This chapter covers
- Analyzing the problems faced when securing service-to-service calls to discover vulnerabilities
- Analyzing technologies available to secure the service-to-service call graph
- Compiling the list of security technologies every developer should know
All applications must solve the following four security problems:
- Securing communication channels
- Authentication and authorization
- Handling sensitive credentials such as API keys required to access external services
- Running the application securely in a cloud environment or on premises
In a microservice-based application, for example, a single user request can travel between multiple microservices, like a chain of friends trying to pass along a secret. But the whole system falls apart if one friend is a loudmouth or a spy. That’s why securing the service-to-service call chain is so important.
By the end of this chapter, you’ll have a solid list of technologies and patterns every developer should know, like your personal cheat sheet for security in development. With this knowledge, you’ll be ready to lock down your app tighter than a teenager’s diary. Because in the world of microservices, security isn’t just a feature, it’s your app’s reputation on the line.