Applied Microservice Security
A practical look at microservice security. With reference to an example application, we'll see how to apply various techniques that can significantly improve the security of the application and processes.
The talk will look at:
How to establish provenance in the build-test-deploy workflow. How can you be sure that your microservices are running what you think they're running? Could someone have tampered with them and injected vulnerable or trojaned versions? Could you be running old, out-of-date versions? Can you trace a running service back to the version of the code it was built from?
Making use of security scanners. Several services and tools exist that will automatically scan your containers for known vulnerabilities - we'll look at what benefits they can bring and how they can be integrated into an example workflow.
Enforcing the principle of least privilege. By reducing the resources and access rights assigned to containers, we can severely restrict and hamper would-be attackers. We'll look at some of the easiest wins and how they can be applied to our example app.