What is it about?
The microservice architecture is a fairly new way of organizing software systems. Simply put, it means splitting the code of an application into multiple small building blocks which communicate with each other. It has many benefits for software development and maintenance, but at the same time introduces some security concerns. Research has already been done on the actual implementation of the code, and there are many guidelines, best practices, etc. that developers can consult. However, for higher-level architectural issues that need to be addressed when initially designing an application, such guidelines are sparse. In our paper, we looked at sources from OWASP, NIST, and CSA to compile a list of architectural security rules which should be followed by any microservice application. The list contains 18 rules grouped into six topics and can be found in the paper.
Why is it important?
People creating microservice applications need guidelines to follow that will help them build more secure applications. Our list of architectural security rules is a step in that direction.
Read the Original
This page is a summary of: Towards a Security Benchmark for the Architectural Design of Microservice Applications, August 2022, ACM (Association for Computing Machinery), DOI: 10.1145/3538969.3543807.