Prabath Siriwardena is the vice president of security architecture at WSO2, a company that produces open source software, and has more than 12 years of experience in the identity management and security domain.

Nuwan Dias is the director of API architecture at WSO2 and has worked in the software industry for more than 7 years, most of which he spent focusing on the API management domain. Both have helped build security designs for Fortune 500 companies including Boeing, Verizon, Nissan, HP, and GE.

Microservices Security in Action teaches you how to secure your microservices applications code and infrastructure. After a straightforward introduction to the challenges of microservices security, you’ll learn fundamentals to secure both the application perimeter and service-to-service communication. Following a hands-on example, you’ll explore how to deploy and secure microservices behind an API gateway as well as how to access microservices accessed by a single-page application (SPA).

Along the way, authors and software security experts Prabath Siriwardena and Nuwan Dias shine a light on important concepts like throttling, analytics gathering, access control at the API gateway, and microservice-to-microservice communication. You’ll also discover how to securely deploy microservices using state-of-the-art technologies including Kubernetes, Docker, and the Istio service mesh. Lots of hands-on exercises secure your learning as you go, and this straightforward guide wraps up with a security process review and best practices. When you’re finished reading, you’ll be planning, designing, and implementing microservices applications with the priceless confidence that comes with knowing they’re secure!

what's inside

Key microservices security fundamentals

Securing service-to-service communication with mTLS and JWT

Deploying and securing microservices with Docker

Using Kubernetes security

Securing event-driven microservices

Using the Istio Service Mesh

Applying access control policies with OPA

Microservices security best practices

Building a single-page application to talk to microservices

Static code analysis, dynamic testing, and automatic security testing