Top 10 Security Best Practices to secure your Microservices

Presented at AppSec USA 2017, Sept. 21, 2017, 11:30 a.m. (45 minutes).

I have worked on enterprise APIs being used by millions of users worldwide both as a Enterprise Security Architect and as a developer building these services. In this session, I will talk about Top 10 ways to design and build secure Microservices to protect your users and your reputation. This top 10 list includes:   1. Use the latest version of TLS 2. Designing a secure Infrastructure and Network whether on prem or in cloud 3. Best Practices in Authentication to authentication your clients or end users. 4. Authorization of your end users or clients so they get just the right access based on least privilege and need to know. 5. Protecting your APIs against Distributed Denial of Service by using patterns such as Rate Limiting, Throttling, Daily limits etc. 6. Alerting and Monitoring your APIs to detect abnormal patterns and security issues. 7. API resiliency that directly affects Availability of your Microservices. 8. Encrypting & Hashing sensitive data - at rest and/or in transit - in memory, in cache and in db, in transit, in UI 9. Key management security 10. Session Management best practices

Presenters:

  • Chintan Jain - Director of Software Engineering, Consumer Identity - Capital One
    Chintan Jain currently leads the development and delivery of next generation Consumer Identity products at Capital One. His main focus is delivering internet scale cloud hosted microservices with absolute security. He has over 18 years of experience in the information security field mainly focused on the secure development side of house focusing on identity and access management, authentication and cryptography. He has 1 approved patent and 9 patents pending at USPTO mainly in the areas of mobile, big data, geofencing and social networking.

Links:

Similar Presentations: