Top 10 Security Best Practices to secure your Microservices - AppSecUSA 2017

I have worked on enterprise APIs being used by millions of users worldwide both as a Enterprise Security Architect and as a developer building these services. In this session, I will talk about Top 10 ways to design and build secure Microservices to protect your users and your reputation. This top 10 list includes: 1. Use the latest version of TLS 2. Designing a secure Infrastructure and Network whether on prem or in cloud 3. Best Practices in Authentication to authentication your clients or end users. 4. Authorization of your end users or clients so they get just the right access based on least privilege and need to know. 5. Protecting your APIs against Distributed Denial of Service by using patterns such as Rate Limiting, Throttling, Daily limits etc. 6. Alerting and Monitoring your APIs to detect abnormal patterns and security issues. 7. API resiliency that directly affects Availability of your Microservices. 8. Encrypting & Hashing sensitive data - at rest and/or in transit - in memory, in cache and in db, in transit, in UI 9. Key management security 10. Session Management best practices Chintan Jain Director of Software Engineering, Consumer Identity, Capital One Chintan Jain currently leads the development and delivery of next generation Consumer Identity products at Capital One. His main focus is delivering internet scale cloud hosted microservices with absolute security. - Managed by the official OWASP Media Project www.owasp.org/index.php/OWASP_Media_Project

• #science_technology
• #owasp
• #appsec