Aditi Anand, profile picture
Uploaded byAditi Anand
PPTX, PDF246 views

Microservices Security

Microservices face significant security challenges due to their distributed nature and larger attack surface, making them more vulnerable than monolithic applications. Effective strategies such as using OAuth for user access control and implementing an API gateway can help secure microservices by centralizing access and screening requests for security issues. Additionally, JWT (JSON Web Token) can be utilized for token-based authentication, ensuring the integrity and legitimacy of API requests.

Embed presentation

Download to read offline
Microservices Security
Security concerns in microservices • Microservices are usually widely distributed systems with a larger attack surface. • Due to the large number of APIs, ports, and components that are exposed traditional firewalls may not provide adequate security. • Securing microservices are harder than monolithic applications
Strategies to secure microservices • OAuth is one of the most effective strategies for user identity and access control. • Create a single and secure entry point (API gateway) that helps you to centralize all access from external systems and clients.
API Gateway • Screen all incoming requests for security issues before routing them to the appropriate microservices. • API gateway sits between the client applications and the microservices • API gateway might also implement security, e.g. verify that the client is authorized to perform the request • API gateway helps to prevent malicious attacks by providing an additional layer of protection from attack vectors such as SQL Injection, XML Parser exploits, and denial-of-service (DoS) attacks.
Spring Security with JWT (JSON Web Token) Authorize an API request using a token based authentication Once the user is logged in, each subsequent request will include the JWT The user agent sends the JWT, typically in the Authorization header using the Bearer schema - Authorization: Bearer <token>
JWT Structure • Header (contains type of token and signing algorithm) • Payload (contains claims that are statements about the user) • Signature (verify the message wasn't changed along the way) A JWT typically looks like • xxxxx.yyyyy.zzzzz
Thank you!

More Related Content

PDF
Security Patterns for Microservice Architectures
byVMware Tanzu
 
PDF
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
byEdureka!
 
PPTX
Spring Boot and REST API
by07.pallav
 
PPTX
Introduction to spring boot
bySantosh Kumar Kar
 
PPTX
Spring boot
byGyanendra Yadav
 
PDF
Nest.js Introduction
byTakuya Tejima
 
PPTX
Springboot Microservices
byNexThoughts Technologies
 
PDF
Introduction to kubernetes
byGabriel Carro
 
Security Patterns for Microservice Architectures
byVMware Tanzu
 
Spring Boot Tutorial | Microservices Spring Boot | Microservices Architecture...
byEdureka!
 
Spring Boot and REST API
by07.pallav
 
Introduction to spring boot
bySantosh Kumar Kar
 
Spring boot
byGyanendra Yadav
 
Nest.js Introduction
byTakuya Tejima
 
Springboot Microservices
byNexThoughts Technologies
 
Introduction to kubernetes
byGabriel Carro
 

What's hot

PPTX
RESTful API - Best Practices
byTricode (part of Dept)
 
PDF
Introduction to Github Actions
byKnoldus Inc.
 
PPTX
Introducing Swagger
byTony Tam
 
PDF
What is REST API? REST API Concepts and Examples | Edureka
byEdureka!
 
PPTX
REST API Design & Development
byAshok Pundit
 
PPTX
Introduction to REST - API
byChetan Gadodia
 
PDF
Spring Security
byKnoldus Inc.
 
PPTX
Docker: From Zero to Hero
byfazalraja
 
PPTX
Spring Boot Tutorial
byNaphachara Rattanawilai
 
PPTX
Security in microservices architectures
byinovia
 
PPTX
Modern CI/CD Pipeline Using Azure DevOps
byGlobalLogic Ukraine
 
PPTX
CICD Pipeline Using Github Actions
byKumar Shìvam
 
ODP
Apache ActiveMQ and Apache Camel
byOmi Om
 
PPSX
API Test Automation
bySQALab
 
PDF
NestJS
byWilson Su
 
PDF
DevSecOps
bySpv Reddy
 
PPTX
Spring Security 5
byJesus Perez Franco
 
PDF
Docker 101: Introduction to Docker
byDocker, Inc.
 
PDF
OWASP API Security Top 10 - API World
by42Crunch
 
PDF
Introduction to GitHub Actions
byKnoldus Inc.
 
RESTful API - Best Practices
byTricode (part of Dept)
 
Introduction to Github Actions
byKnoldus Inc.
 
Introducing Swagger
byTony Tam
 
What is REST API? REST API Concepts and Examples | Edureka
byEdureka!
 
REST API Design & Development
byAshok Pundit
 
Introduction to REST - API
byChetan Gadodia
 
Spring Security
byKnoldus Inc.
 
Docker: From Zero to Hero
byfazalraja
 
Spring Boot Tutorial
byNaphachara Rattanawilai
 
Security in microservices architectures
byinovia
 
Modern CI/CD Pipeline Using Azure DevOps
byGlobalLogic Ukraine
 
CICD Pipeline Using Github Actions
byKumar Shìvam
 
Apache ActiveMQ and Apache Camel
byOmi Om
 
API Test Automation
bySQALab
 
NestJS
byWilson Su
 
DevSecOps
bySpv Reddy
 
Spring Security 5
byJesus Perez Franco
 
Docker 101: Introduction to Docker
byDocker, Inc.
 
OWASP API Security Top 10 - API World
by42Crunch
 
Introduction to GitHub Actions
byKnoldus Inc.
 

Similar to Microservices Security

PDF
API Security in a Microservices World
by42Crunch
 
PPTX
Software Development Technologies SDT.PPTX
byJPrince9
 
PDF
Protecting Microservices APIs with 42Crunch API Firewall
by42Crunch
 
PPTX
Securing Microservices with Spring Cloud Security
byWill Tran
 
PDF
Microservice architecture-api-gateway-considerations
byImam Uddin Ahamed - PRINCE2 ® , ITIL ®
 
PDF
APIGATEWAY in Microservices
byIRJET Journal
 
PDF
Microservices Security: dos and don'ts
byMinded Security
 
PDF
Zerotrusting serverless applications protecting microservices using secure d...
byTrupti Shiralkar, CISSP
 
PDF
Protecting microservices using secure design patterns 1.0
byTrupti Shiralkar, CISSP
 
PDF
Developing microservices with Java and applying Spring security framework and...
byIRJET Journal
 
PDF
The Role of IAM in Microservices
byWSO2
 
PDF
Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...
byapidays
 
PPTX
Api gateway : To be or not to be
byJaewoo Ahn
 
PDF
Microservices for the Masses with Spring Boot, JHipster, and JWT - Devoxx UK...
byMatt Raible
 
PDF
Gateway and secure micro services
byJordan Valdma
 
PDF
API Security In Cloud Native Era
byWSO2
 
PPTX
Take Control of your APIs in a Microservice Architecture
by3scale
 
PDF
Virtual Meetup - API Security Best Practices
byJimmy Attia
 
PPTX
API Security in a Microservice Architecture
byMatt McLarty
 
PDF
Identiverse - Microservices Security
byBertrand Carlier
 
API Security in a Microservices World
by42Crunch
 
Software Development Technologies SDT.PPTX
byJPrince9
 
Protecting Microservices APIs with 42Crunch API Firewall
by42Crunch
 
Securing Microservices with Spring Cloud Security
byWill Tran
 
Microservice architecture-api-gateway-considerations
byImam Uddin Ahamed - PRINCE2 ® , ITIL ®
 
APIGATEWAY in Microservices
byIRJET Journal
 
Microservices Security: dos and don'ts
byMinded Security
 
Zerotrusting serverless applications protecting microservices using secure d...
byTrupti Shiralkar, CISSP
 
Protecting microservices using secure design patterns 1.0
byTrupti Shiralkar, CISSP
 
Developing microservices with Java and applying Spring security framework and...
byIRJET Journal
 
The Role of IAM in Microservices
byWSO2
 
Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu...
byapidays
 
Api gateway : To be or not to be
byJaewoo Ahn
 
Microservices for the Masses with Spring Boot, JHipster, and JWT - Devoxx UK...
byMatt Raible
 
Gateway and secure micro services
byJordan Valdma
 
API Security In Cloud Native Era
byWSO2
 
Take Control of your APIs in a Microservice Architecture
by3scale
 
Virtual Meetup - API Security Best Practices
byJimmy Attia
 
API Security in a Microservice Architecture
byMatt McLarty
 
Identiverse - Microservices Security
byBertrand Carlier
 

Recently uploaded

PPTX
HackYourBrain_JFokusConference_03022026.pptx
bySimonedeGijt
 
PDF
Water Delivery App Development Solutions.pdf
byeSiteWorld TechnoLabs Pvt. Ltd.
 
PDF
Animated Safety Induction: A Smarter Way to Onboard for Workplace Safety
byTECH EHS Solution
 
PDF
Image and video processing: From Mars to Hollywood with a stop at the hospita...
byHarinath Palavalli
 
PDF
Artificial Intelligence Planning (Harinath Palavalli)
byHarinath Palavalli
 
PDF
apidays Amsterdam 2025 | APIs with a Purpose
byapidays
 
PDF
Azure DevOps Services: Complete Guide to DevOps Tools, Automation & End-to-En...
byjohncarterjn
 
PDF
apidays Australia 2025 | Orchestrator vs. Choreography
byapidays
 
PDF
Build a Scalable On-Demand Courier Service App.pdf
byV3CUBE TECHNOLABS
 
PDF
The Growing Impact of Blockchain and Web3 on Digital Ownership With Paul Inou...
byPaul Inouye
 
PPTX
Edison MuleSoft Meetup : Vibe Coding | MuleSoft Meetups
bySravan Lingam
 
PDF
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
PDF
apidays Amsterdam 2025 | Making AI work for you as an API Product Manager
byapidays
 
PDF
Attendance Dashboard – Time & Attendance Analytics
byHajir Pro
 
PPTX
BUSY Software Business Management Solution.pptx
byMoving Cloud
 
PDF
谷歌留痕技术教程[ 𝙩𝙤𝙥 𝟮𝟯𝟯. 𝙘 𝙤𝙢 ]
by6stynggfo
 
PDF
Windows Server 2025 Administration Fundamentals 4ED
byraynasolomon136
 
PDF
Track Phone Location on iPhone (2026)_ What Actually Works, What’s a Scam, an...
byOlive Dimitrescu
 
PDF
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
PDF
20260201 [FOSDEM] gomodjail - library sandboxing for Go modules.pdf
byAkihiro Suda
 
HackYourBrain_JFokusConference_03022026.pptx
bySimonedeGijt
 
Water Delivery App Development Solutions.pdf
byeSiteWorld TechnoLabs Pvt. Ltd.
 
Animated Safety Induction: A Smarter Way to Onboard for Workplace Safety
byTECH EHS Solution
 
Image and video processing: From Mars to Hollywood with a stop at the hospita...
byHarinath Palavalli
 
Artificial Intelligence Planning (Harinath Palavalli)
byHarinath Palavalli
 
apidays Amsterdam 2025 | APIs with a Purpose
byapidays
 
Azure DevOps Services: Complete Guide to DevOps Tools, Automation & End-to-En...
byjohncarterjn
 
apidays Australia 2025 | Orchestrator vs. Choreography
byapidays
 
Build a Scalable On-Demand Courier Service App.pdf
byV3CUBE TECHNOLABS
 
The Growing Impact of Blockchain and Web3 on Digital Ownership With Paul Inou...
byPaul Inouye
 
Edison MuleSoft Meetup : Vibe Coding | MuleSoft Meetups
bySravan Lingam
 
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
apidays Amsterdam 2025 | Making AI work for you as an API Product Manager
byapidays
 
Attendance Dashboard – Time & Attendance Analytics
byHajir Pro
 
BUSY Software Business Management Solution.pptx
byMoving Cloud
 
谷歌留痕技术教程[ 𝙩𝙤𝙥 𝟮𝟯𝟯. 𝙘 𝙤𝙢 ]
by6stynggfo
 
Windows Server 2025 Administration Fundamentals 4ED
byraynasolomon136
 
Track Phone Location on iPhone (2026)_ What Actually Works, What’s a Scam, an...
byOlive Dimitrescu
 
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
20260201 [FOSDEM] gomodjail - library sandboxing for Go modules.pdf
byAkihiro Suda
 

Microservices Security

  • 1.
  • 2.
    Security concerns inmicroservices • Microservices are usually widely distributed systems with a larger attack surface. • Due to the large number of APIs, ports, and components that are exposed traditional firewalls may not provide adequate security. • Securing microservices are harder than monolithic applications
  • 3.
    Strategies to securemicroservices • OAuth is one of the most effective strategies for user identity and access control. • Create a single and secure entry point (API gateway) that helps you to centralize all access from external systems and clients.
  • 4.
    API Gateway • Screenall incoming requests for security issues before routing them to the appropriate microservices. • API gateway sits between the client applications and the microservices • API gateway might also implement security, e.g. verify that the client is authorized to perform the request • API gateway helps to prevent malicious attacks by providing an additional layer of protection from attack vectors such as SQL Injection, XML Parser exploits, and denial-of-service (DoS) attacks.
  • 6.
    Spring Security with JWT (JSON WebToken) Authorize an API request using a token based authentication Once the user is logged in, each subsequent request will include the JWT The user agent sends the JWT, typically in the Authorization header using the Bearer schema - Authorization: Bearer <token>
  • 7.
    JWT Structure • Header(contains type of token and signing algorithm) • Payload (contains claims that are statements about the user) • Signature (verify the message wasn't changed along the way) A JWT typically looks like • xxxxx.yyyyy.zzzzz
  • 9.