OWASP Meeting - Feb 21, 2017

Tuesday February 21st from 6:00-7:00 PM OWASP Meeting

Location: Capital One, 8000 Dominion Pkwy, Plano, TX


Secure Architecture In The Land of Microservices


Microservices offer a lot of benefits for deploying large-scale applications, but implementing a secure architecture that scales over time can be challenging. Services are highly decoupled from each other and from the producers and consumers of the data moving throughout the architecture. Data contracts between services are often blurry, and data sharing between microservices requires careful consideration of access patterns and of the boundaries between related services. New services come, new services go. Some are deployed to containers, some to servers, and some are serverless. Your developers, data scientists, and infrastructure team are all empowered to move quickly and ship new services. Your job is to make sure all of the above happens in a secure and sane way.

In this presentation, we will discuss the challenges with securing microservices and present solutions to make security a seamless and frictionless part of scaling your architecture. Using real-world examples of successes and failures while building a microservice architecture, we will discuss what translates well from monolithic design to microservices, and the bad habits you should leave behind. We will demonstrate how to build authentication into a microservice architecture and how to implement a granular authorization scheme that will work effectively as you introduce new services. At the end of this presentation, you’ll understand what separates microservices from traditional monolithic applications and understand the problem space from a secure architectural perspective.


In this presentation, we explore using the following microservice concepts and patterns:

API Gateway

• Routing

• Service discovery

• Authentication

• Authorization

• Patterns like CQRS

• https://github.com/uber/hyperbahn
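As an added illustration of the gateway responsibilities listed above (this is example code written for this page, not code from the talk, from nVisium, or from hyperbahn), the sketch below shows one way an API gateway can combine routing, service discovery, authentication and granular authorization in a single request path. The service registry, the required-scope table, the shared HMAC key and all function names (`issue_token`, `authenticate`, `discover`, `route`) are constructed for the example; a real deployment would use a signed token format such as JWT with key rotation and a live discovery backend.

```python
"""Minimal API gateway sketch: route, discover, authenticate, authorize.

Added example, not code from the talk. The registry, scope table, key and
all names are constructed for illustration only.
"""
import base64
import hashlib
import hmac
import json
import time

# Shared secret between the token issuer and the gateway (constructed value).
GATEWAY_KEY = b"constructed-demo-key"

# Service discovery: path prefix -> backend address (constructed registry).
SERVICE_REGISTRY = {
    "/orders": "http://orders.internal:8080",
    "/billing": "http://billing.internal:8080",
}

# Granular authorization: scope required for each (service, method) pair.
# Pairs not listed here are denied by default.
REQUIRED_SCOPES = {
    ("/orders", "GET"): "orders:read",
    ("/orders", "POST"): "orders:write",
    ("/billing", "GET"): "billing:read",
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, scopes: list, ttl: int = 300, now: int = None) -> str:
    """Issuer side: HMAC-SHA256 over a JSON payload of {sub, scopes, exp}."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "scopes": scopes, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(GATEWAY_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def authenticate(token: str, now: int = None):
    """Gateway side: verify signature and expiry; return claims or None."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _unb64(payload_b64)
        sig = _unb64(sig_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(GATEWAY_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)
    if claims.get("exp", 0) <= now:
        return None
    return claims


def discover(path: str):
    """Longest-prefix match against the registry -> (prefix, backend) or None."""
    for prefix in sorted(SERVICE_REGISTRY, key=len, reverse=True):
        if path == prefix or path.startswith(prefix + "/"):
            return prefix, SERVICE_REGISTRY[prefix]
    return None


def route(method: str, path: str, authorization: str, now: int = None) -> dict:
    """Gateway decision for one request: 401, 403, 404, or the upstream target."""
    token = authorization[len("Bearer "):] if authorization.startswith("Bearer ") else ""
    claims = authenticate(token, now)
    if claims is None:
        return {"status": 401}  # unauthenticated: never consult the registry
    found = discover(path)
    if found is None:
        return {"status": 404}
    prefix, backend = found
    needed = REQUIRED_SCOPES.get((prefix, method))
    if needed is None or needed not in claims["scopes"]:
        return {"status": 403}  # deny by default, per service and method
    return {"status": 200, "upstream": backend + path, "sub": claims["sub"]}


if __name__ == "__main__":
    tok = issue_token("alice", ["orders:read"])
    print(route("GET", "/orders/42", "Bearer " + tok))   # routed to orders service
    print(route("POST", "/orders", "Bearer " + tok))     # 403: scope missing
    print(route("GET", "/orders", "Bearer nonsense"))    # 401: bad token
```

The ordering matters: authentication fails closed before any routing decision is made, the scope table is consulted per service and method so a new service is denied until it is explicitly registered, and the authorization check runs in the gateway rather than being re-implemented in each service.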


Jack is the CEO at nVisium and focuses on building solutions to make security and education scale in fast-paced software development organizations. He has worked with large software development teams to guide secure software from conceptualization to production. Jack is a huge open source fan and regularly contributes to a wide variety of projects, and previously created the OWASP Mobile Security Project. In his spare time, he enjoys digging into new frameworks and writes most of his (good) code in Scala. He has spoken at most of the other major conferences people generally list in their bios, and usually finds writing about himself harder than it is for most people.


The meeting food & drinks will be sponsored by Capital One.

IMPORTANT Meeting Notes:

The location is a gun-free zone. Please do not attempt to bring in any guns, holsters, ammo, etc. into their office space. Also, backpacks, suitcases, and other bags larger than a small purse cannot be brought into the building by guests.
