Microservices Security Best Practices

dev.to

But what are Microservices in the first place ??

In the layman terms, microservices architecture is a way of building an application where each functionality is handled differently.

This means if a particular functionality gets buggy or down, it doesn’t impact the other.

This also makes faster remediation and each of individual microservices may be programmed in their own languages.

Nowadays, most of the multi functional sites we see online, work on the Microservices architecture.

Here are the Top 10 Security Best practices of Microservices Architecture:

1. Use the latest version of TLS
2. Designing a secure Infrastructure and Network whether on premise or in cloud .
3. Best Practices in Authentication to authentication your clients or end users.
4. Authorization of your end users or clients so they get just the right access based on least privilege and need to know.
5. Protecting your APIs against Distributed Denial of Service by using patterns such as Rate Limiting, Throttling, Daily limits etc.
6. Alerting and Monitoring your APIs to detect abnormal patterns and security issues.
7. API resiliency that directly affects Availability of your Microservices.
8. Encrypting & Hashing sensitive data — at rest and/or in transit — in memory, in cache and in db, in transit, in UI
9. Key management security
10. Session Management best practices

This is taken from https://www.youtube.com/watch?v=0xj3xtBI3pY where you can find the detailed explanation of each of the best practices.