
Microservices Security in Action: Design secure network and API endpoint security for Microservices applications, with examples using Java, Kubernetes, and Istio


Summary
Unlike traditional enterprise applications, microservices applications are collections of independent components that function as a system. Securing the messages, queues, and API endpoints requires new approaches to security both in the infrastructure and the code. Microservices Security in Action teaches you how to address microservices-specific security challenges throughout the system. This practical guide includes plentiful hands-on exercises using industry-leading open-source tools and examples using Java and Spring Boot.

About the technology

Integrating independent services into a single system presents special security challenges in a microservices deployment. With proper planning, however, you can build in security from the start. Learn to create secure services and protect application data throughout development and deployment. As microservices continue to change enterprise application systems, developers and architects must learn to integrate security into their design and implementation. Because microservices are created as a system of independent components, each a possible point of failure, they can multiply the security risk. With proper planning, design, and implementation, you can reap the benefits of microservices while keeping your application data--and your company's reputation--safe!

About the book

Microservices Security in Action is filled with solutions, teaching best practices for throttling and monitoring, access control, and microservice-to-microservice communications. Detailed code samples, exercises, and real-world use cases help you put what you've learned into production. Along the way, authors and software security experts Prabath Siriwardena and Nuwan Dias shine a light on important concepts like throttling, analytics gathering, access control at the API gateway, and microservice-to-microservice communication. You'll also discover how to securely deploy microservices using state-of-the-art technologies including Kubernetes, Docker, and the Istio service mesh. Lots of hands-on exercises secure your learning as you go, and this straightforward guide wraps up with a security process review and best practices. When you're finished reading, you'll be planning, designing, and implementing microservices applications with the priceless confidence that comes with knowing they're secure!

What's inside

Microservice security concepts
Edge services with an API gateway
Deployments with Docker, Kubernetes, and Istio
Security testing at the code level
Communications with HTTP, gRPC, and Kafka

About the reader

For experienced microservices developers with intermediate Java skills.

About the author

Prabath Siriwardena is the Deputy CTO (Security) at WSO2. Nuwan Dias is the Deputy CTO (API Management & Integration) at WSO2. They have designed secure systems for many Fortune 500 companies.

Table of Contents

PART 1 OVERVIEW

1 Microservices security landscape

2 First steps in securing microservices

PART 2 EDGE SECURITY

3 Securing north/south traffic with an API gateway

4 Accessing a secured microservice via a single-page application

5 Engaging throttling, monitoring, and access control

PART 3 SERVICE-TO-SERVICE COMMUNICATIONS

6 Securing east/west traffic with certificates

7 Securing east/west traffic with JWT

866 pages

First published August 4, 2020



Ratings & Reviews


Community Reviews

5 stars: 18 (41%)
4 stars: 15 (34%)
3 stars: 8 (18%)
2 stars: 2 (4%)
1 star: 0 (0%)
Fazlan, October 18, 2020
I've read this book from cover to cover and enjoyed every bit of it. The authors have done tremendous work on delving into the complexities of microservices security and sharing their knowledge and experience of why securing microservices is challenging and how to effectively address those with clear reasoning for each and every choice.

The book does justice to the title by not only providing theoretical knowledge but also code examples that the readers can build and run to understand how each of the solutions they propose works in action. The amount of dedication provided to the content related to technologies like Docker, Kubernetes, gRPC, and service meshes further compounds the value of this read.

I personally had a lot of 'aha moments' reading this because the authors were able to clearly answer some of the questions I had regarding certain areas for a long time. How the API gateway and the service mesh each play their role in the overall architecture was a real eye-opener.

A minor challenge that I faced is having to manually type in the long curl requests and commands when following the code examples. A runbook for each of those in https://github.com/microservices-secu... would definitely add value to the readers.

Overall, I enjoyed this book and would definitely recommend this to everyone who seeks a deep understanding of how to effectively secure microservices.
Jascha, January 19, 2021
I am halfway through the book, but there is no doubt this is definitely an excellent text. Topics are explained very clearly, with plenty of real examples coupled with nicely done diagrams. I particularly enjoy those diagrams. Not only because they are colorful, but also because the author shows the flow and briefly describes what is happening.

I am honestly taking a lot of notes and writing down ideas. The best thing you can do here is really to take a screenshot of those diagrams and keep them safe next to your notes as they make it even more clear.

The text covers up-to-date topics, not technologies that are now obsolete. There are plenty of appendix chapters, each describing in depth those technologies or protocols, which is either a nice recap or a good introduction to it to get the most out of the book.

Definitely a must read for anyone working in DevSecOps, APIs and/or microservices.
Ryan Riley, January 7, 2022
One of the best and most thorough tech books I have read. The content is well-written and succinct while thoroughly covering topics and providing links and appendices to learn more. The best praise I can offer is that it does not overwhelm the reader. This is certainly a resource worth having for those responsible for microservices security, as well as those working on or with microservices architectures.
September 6, 2021
The coverage of topics is great. But it is poorly written. Not a big fan of the writing style.