1. Intro
2. Security fundamentals
3. Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Escalation of Privilege
4. OWASP (Open Web Application Security Project): find good trusted, peer-reviewed sources
5. Consistent Planned Authentication
6. Storage, Quality, Length, Lifecycle: the keys to token success
7. Validation required: every header, every field, every format, every method
8. Service decomposition
9. Scaling and resource exhaustion
10. Orchestration layer attacks
11. Features that scare me: (1) impersonation, (2) investigation mode, (3) demo accounts on production, (4) SSL interception and analysis, (5) many password sins
12. The golden rule: never assume a security vendor is better at secure development than you are
13. Identity and access
14. Principle of least privilege: the lowest set of permissions and accesses required to do your job
15. Roles vs. Fine-Grained Permissions
16. Immutable architectures matter in microservice security
17. Auditable host configurations are a good thing, but you might not be the right person to audit them
18. Avoids configuration creep, including those changes made by an attacker
19. Choose the right tools for the job you are doing
20. Not all technologies have mature libraries, frameworks and documentation
21. Detection
22. Poorly managed logs are a simple way to create denial of service attacks
Description:
Explore microservice security in this comprehensive conference talk that delves into securing modern architectures. Learn about tools, techniques, and considerations for protecting applications and organizations. Examine real-world examples of attacks and defense strategies, gaining insights into how to test systems for vulnerabilities. Cover essential topics such as security fundamentals, OWASP guidelines, authentication best practices, service decomposition, orchestration layer attacks, and identity management. Discover the importance of immutable architectures, auditable host configurations, and proper tool selection. Gain valuable knowledge on detection methods and log management to prevent denial of service attacks. Apply the principle of least privilege and understand the differences between roles and fine-grained permissions in microservice environments.

Practical Microservice Security

NDC Conferences