Microservices Security in Action: Design secure network and API endpoint security for Microservices applications, with examples using Java, Kubernetes, and Istio
“A complete guide to the challenges and solutions in securing microservices architectures.” —Massimo Siani, FinDynamic

Key Features
Secure microservices infrastructure and code
Monitoring, access control, and microservice-to-microservice communications
Deploy securely using Kubernetes, Docker, and the Istio service mesh
Hands-on examples and exercises using Java and Spring Boot

Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.

Microservices Security in Action teaches you how to address microservices-specific security challenges throughout the system. This practical guide includes plentiful hands-on exercises using industry-leading open-source tools and examples using Java and Spring Boot.

About The Book
Design and implement security into your microservices from the start. Microservices Security in Action teaches you to assess and address security challenges at every level of a Microservices application, from APIs to infrastructure. You’ll find effective solutions to common security problems, including throttling and monitoring, access control at the API gateway, and microservice-to-microservice communication. Detailed Java code samples, exercises, and real-world business use cases ensure you can put what you’ve learned into action immediately.

What You Will Learn
Microservice security concepts
Edge services with an API gateway
Deployments with Docker, Kubernetes, and Istio
Security testing at the code level
Communications with HTTP, gRPC, and Kafka

This Book Is Written For
For experienced microservices developers with intermediate Java skills.

About The Author
Prabath Siriwardena is the vice president of security architecture at WSO2. Nuwan Dias is the director of API architecture at WSO2. They have designed secure systems for many Fortune 500 companies.
Table of Contents

PART 1 OVERVIEW
1 Microservices security landscape
2 First steps in securing microservices

PART 2 EDGE SECURITY
3 Securing north/south traffic with an API gateway
4 Accessing a secured microservice via a single-page application
5 Engaging throttling, monitoring, and access control

PART 3 SERVICE-TO-SERVICE COMMUNICATIONS
6 Securing east/west traffic with certificates
7 Securing east/west traffic with JWT
8 Securing east/west traffic over gRPC
9 Securing reactive microservices

PART 4 SECURE DEPLOYMENT
10 Conquering container security with Docker
11 Securing microservices on Kubernetes
12 Securing microservices with Istio service mesh

PART 5 SECURE DEVELOPMENT
13 Secure coding practices and automation
This was not the book I was looking for. I was in the middle of a security audit for a large Kubernetes cluster and picked this up hoping for an actionable guide to securing microservices. That was a mistake. This book is mediocre at best and could easily be replaced by a handful of blog posts—many of which go into more depth than this does.
First, it’s painfully repetitive—sometimes repeating the same point almost word for word within a page or two. On top of that, roughly 20–30% of the content is spent on topics that shouldn’t be here at all, like Docker and Kubernetes setup overviews. Not only are these overviews shallow and outdated (as all such chapters inevitably become), but in places, they’re misleading.
The technology choices for examples are equally questionable. While I won’t dwell on the choice of Java and Spring Boot—despite their mismatch with the “lightweight” microservices ethos—some inclusions are baffling. Kafka and NATS have little to do with microservices security, and the Kafka examples in particular are poorly thought out.
When the book finally gets to actual security topics, the coverage is thin and painfully obvious. Anyone with a few years in SRE, DevOps, or DevSecOps will roll their eyes at how shallow it is.
My main aim was to learn how to protect microservices in Kubernetes—especially using Istio’s service mesh. I first picked up this book years ago while at Lyft, interested in Istio because of its Envoy foundation. Unfortunately, Istio’s own documentation and a few solid blog posts on zero-trust networking provided far more value than this book ever did.
P.S. I’m not sure what’s happening, but the quality of recent books from major publishers like Manning and O’Reilly has noticeably slipped. Increasingly, new releases feel like filler—expensive, glossy wastes of paper with very little substance.