SlideShare une entreprise Scribd logo
1  sur  160
Télécharger pour lire hors ligne
APPSEC &
MICROSERVICES
Sam Newman
Velocity 2016
@samnewman#velocityconf
@samnewman#velocityconf
Sam Newman
Building
Microservices
DESIGNING FINE-GRAINED SYSTEMS
@samnewman#velocityconf
Microservices Can Make
Everything Worse
@samnewman#velocityconf
@samnewman#velocityconfhttps://www.flickr.com/photos/seattlemunicipalarchives/4058808950
@samnewman#velocityconf https://www.flickr.com/photos/theseanster93/485390997/
@samnewman#velocityconf
http://map.norsecorp.com/
@samnewman#velocityconf
@samnewman#velocityconf
@samnewman#velocityconf
Accounts
Returns
Invoicing
Shipping
Inventory
Customer
Service
@samnewman#velocityconf
Accounts
Returns
Invoicing
Shipping
Inventory
Customer
Service
Small Independently Deployable
services that work together, modelled
around a business domain
https://www.flickr.com/photos/wwworks/2607036664/
https://www.flickr.com/photos/lkowen/15803718243/
@samnewman#velocityconf
@samnewman#velocityconf
@samnewman#velocityconf
@samnewman#velocityconf
@samnewman#velocityconf
@samnewman#velocityconf
Prevention
@samnewman#velocityconf
Prevention Detection
@samnewman#velocityconf
Prevention Detection
Response
@samnewman#velocityconf
Prevention Detection
ResponseRecovery
@samnewman#velocityconf
Prevention Detection
ResponseRecovery
@samnewman#velocityconf
Prevention Detection
ResponseRecovery
@samnewman#velocityconf https://www.flickr.com/photos/adulau/15680439035/
@samnewman#velocityconf https://www.flickr.com/photos/duanestorey/469163789/
@samnewman#velocityconf
https://www.schneier.com/paper-attacktrees-ddj-ft.html
@samnewman#velocityconf
Open Safe
@samnewman#velocityconf
Open Safe
Pick Lock Learn Combo Cut Open
@samnewman#velocityconf
Open Safe
Pick Lock Learn Combo Cut Open
Find Written
Combo
Get Combo from
the target
@samnewman#velocityconf
Open Safe
Pick Lock Learn Combo Cut Open
Find Written
Combo
Get Combo from
the target
Blackmail Threaten Bribe
@samnewman#velocityconf
Open Safe
Pick Lock Learn Combo Cut Open
Find Written
Combo
Get Combo from
the target
Blackmail Threaten Bribe
Impossible
Impossible Impossible
Possible
Possible
Possible
@samnewman#velocityconf
Open Safe
Pick Lock Learn Combo Cut Open
Find Written
Combo
Get Combo from
the target
Blackmail Threaten Bribe
@samnewman#velocityconf
Open Safe
Pick Lock Learn Combo Cut Open
Find Written
Combo
Get Combo from
the target
Blackmail Threaten Bribe
$$$$
$$$$ $$$$
$$
$$
$
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Royalty
Payment
Gateway
Mobile
app
Web
browsers
User
service
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Royalty
Payment
Gateway
Mobile
app
Web
browsers
User
service
Transport Security
@samnewman#velocityconf
HTTPS Everywhere!
BENEFITS OF HTTPS?
BENEFITS OF HTTPS?
▫︎Server guarantees!
BENEFITS OF HTTPS?
▫︎Server guarantees!
▫︎Payload not manipulated…
BENEFITS OF HTTPS?
▫︎Server guarantees!
▫︎Payload not manipulated…
▫︎…but no client guarantee and…
BENEFITS OF HTTPS?
▫︎Server guarantees!
▫︎Payload not manipulated…
▫︎…but no client guarantee and…
▫︎…certificates can be a pain
@samnewman#velocityconf
https://letsencrypt.org/
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Royalty
Payment
Gateway
Mobile
app
Web
browsers
User
service
CLIENT-SIDE CERTIFICATES?
CLIENT-SIDE CERTIFICATES?
▫︎Client guarantees!
CLIENT-SIDE CERTIFICATES?
▫︎Client guarantees!
▫︎…but a PITA to manage….
@samnewman#velocityconf
http://techblog.netflix.com/2015/09/introducing-lemur.html
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Royalty
Payment
Gateway
Mobile
app
Web
browsers
User
service
@samnewman#velocityconf
Auth?
@samnewman#velocityconf
Auth?
Authentication
@samnewman#velocityconf
Auth?
Authentication Authorisation
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Royalty
Payment
Gateway
Mobile
app
Web
browsers
User
service
Web
browsers
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Royalty
Payment
Gateway
Mobile
app
Web
browsers
User
service
Web
browsers
Form AuthOAuth
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Royalty
Payment
Gateway
Mobile
app
Web
browsers
User
service
Web
browsers
Form AuthOAuth
PERIMETER SECURITY!
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Royalty
Payment
Gateway
Mobile
app
Web
browsers
User
service
Web
browsers
Form AuthOAuth
PERIMETER SECURITY!
User
service
@samnewman#velocityconf
Music
Web Shop
User
service
User
service
Implicit Trust?
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Mobile
app
Web
browsers
User
service
Web
browsers
User
service
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Mobile
app
Web
browsers
User
service
Web
browsers
User
service
Asking As Bob
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Mobile
app
Web
browsers
User
service
Web
browsers
User
service
Asking As Bob
Can I see
Alice’s Data?
@samnewman#velocityconf https://www.flickr.com/photos/lundyd/14481829564/
Confused
Deputy
Problem!
@samnewman#velocityconf
Music
Web Shop
Web
browsers
User
service
@samnewman#velocityconf
Music
Web Shop
Web
browsers
User
service
@samnewman#velocityconf
Music
Web Shop
Web
browsers
User
service
@samnewman#velocityconf
Music
Web Shop
Web
browsers
User
service
{
"id": "402ndj39",
"name": “Alice Alison"
}
@samnewman#velocityconf
Music
Web Shop
Web
browsers
User
service
{
"id": "402ndj39",
"name": “Alice Alison"
}
@samnewman#velocityconf
Music
Web Shop
Web
browsers
User
service
{
"id": "402ndj39",
"name": “Alice Alison"
}
@samnewman#velocityconf
Data At Rest?
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Royalty
Payment
Gateway
Mobile
app
Web
browsers
User
service
User
service
@samnewman#velocityconf
Encryption!
@samnewman#velocityconf https://www.flickr.com/photos/aigle_dore/2781302649
@samnewman#velocityconf
Plain Text?
@samnewman#velocityconf
@samnewman#velocityconf
“In the API server secret data is stored as plaintext in etcd"
http://kubernetes.io/docs/user-guide/secrets/#security-properties
@samnewman#velocityconf
Secure Vaults
@samnewman#velocityconf
@samnewman#velocityconf
@samnewman#velocityconf
Aside: Docker
@samnewman#velocityconf
http://www.banyanops.com/blog/analyzing-docker-hub/
@samnewman#velocityconf
@samnewman#velocityconf
@samnewman#velocityconf
S/M TestsBuild Large Tests Production
@samnewman#velocityconf
S/M TestsBuild Large Tests Production
Security?
@samnewman#velocityconf
S/M TestsBuild Large Tests Production
Security?
OWASP ZAP Attack Proxy
Static Analysers
@samnewman#velocityconf https://www.microsoft.com/en-us/sdl/
@samnewman#velocityconf
https://medium.com/built-to-adapt/the-three-r-s-of-enterprise-security-
rotate-repave-and-repair-f64f6d6ba29d
@samnewman#velocityconf
“At or near the top of security concerns in the
datacenter is something called an Advanced
Persistent Threat (APT). An APT gains
unauthorized access to a network and can stay
hidden for a long period of time. Its goal is
usually to steal, corrupt, or ransom data.”
- Justin Smith, Pivotal
@samnewman#velocityconf
Rotate: Short-lived Credentials
@samnewman#velocityconf
Rotate: Short-lived Credentials
Repair: Patch Your Stuff
@samnewman#velocityconf
Rotate: Short-lived Credentials
Repave: Burn It Down!
Repair: Patch Your Stuff
@samnewman#velocityconf
http://www.theregister.co.uk/2014/06/18/code_spaces_destroyed/
@samnewman#velocityconf
https://github.com/michenriksen/gitrob
@samnewman#velocityconf
(don’t forget to limit
credential scope too)
@samnewman#velocityconf
Prevention Detection
ResponseRecovery
@samnewman#velocityconf
Prevention Detection
ResponseRecovery
@samnewman#velocityconf
https://www.qualys.com/research/top10/
@samnewman#velocityconf
http://www.extremetech.com/computing/190959-shellshock-a-deadly-new-vulnerability-that-could-lay-waste-to-the-internet
@samnewman#velocityconf
@samnewman#velocityconf
Repair: Patch Your Stuff
@samnewman#velocityconf
https://www.modsecurity.org/
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Royalty
service
Mobile
app
Web
browsers
User
service
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Royalty
service
Mobile
app
Web
browsers
User
service
PERIMETER SECURITY!
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Royalty
service
Mobile
app
Web
browsers
User
service
PERIMETER SECURITY!
PERIMETER SECURITY!
@samnewman#velocityconf
Catalog
service
Music
Web Shop
Recommend
service
Royalty
service
Mobile
app
Web
browsers
User
service
PERIMETER SECURITY!
PERIMETER SECURITY!
PERIMETERSECURITY!
@samnewman#velocityconf
Polyglot = more stuff to track!
@samnewman#velocityconf
https://www.npmjs.com/package/npm-check
@samnewman#velocityconf
@samnewman#velocityconf
b4a2f5ga2
4335egad3
ab2d56be3
847ea3dbe
@samnewman#velocityconf
b4a2f5ga2
4335egad3
ab2d56be3
847ea3dbe !!!
!!!
@samnewman#velocityconf
b4a2f5ga2
4335egad3
ab2d56be3
847ea3dbe
847ea3dbe
847ea3dbe
847ea3dbe
4335egad3
4335egad3
4335egad3
4335egad3
4335egad3
4335egad3
4335egad3
4335egad3
4335egad3
4335egad3
4335egad3
847ea3dbe
!!!
!!!
@samnewman#velocityconf
https://github.com/coreos/clair
@samnewman#velocityconf
Repair: Patch Your Stuff
@samnewman#velocityconf
Repair: Patch Your Stuff
Automate it
@samnewman#velocityconf
Repair: Patch Your Stuff
Automate it
Do It A Lot
@samnewman#velocityconf
Repair: Patch Your Stuff
Automate it
Do It A Lot
And Check Your Work
@samnewman#velocityconf
@samnewman#velocityconf
Polyglot = more things to break?
@samnewman#velocityconf
Prevention Detection
ResponseRecovery
@samnewman#velocityconf
Prevention Detection
ResponseRecovery
@samnewman#velocityconf
@samnewman#velocityconf
@samnewman#velocityconf
@samnewman#velocityconf http://krebsonsecurity.com/tag/target-data-breach/
@samnewman#velocityconf
Comms
@samnewman#velocityconf
@samnewman#velocityconf
@samnewman#velocityconf
https://en.wikipedia.org/wiki/Chicago_Tylenol_murders
@samnewman#velocityconf
@samnewman#velocityconf
@samnewman#velocityconf
Customer
@samnewman#velocityconf
Customer
@samnewman#velocityconf
Prevention Detection
ResponseRecovery
@samnewman#velocityconf
Prevention Detection
ResponseRecovery
@samnewman#velocityconf
Backups
@samnewman#velocityconf
@samnewman#velocityconf
Repave: Burn It Down!
@samnewman#velocityconf
Phoenix Servers
@samnewman#velocityconf
Phoenix Servers
Immutable Servers
@samnewman#velocityconf
Phoenix Servers
Immutable Servers
= repave on every release
@samnewman#velocityconf
Why not repave automatically when
you apply a patch?
@samnewman#velocityconf
RepaveBackups
@samnewman#velocityconf
Harder with microservices?
RepaveBackups
@samnewman#velocityconf
Harder with microservices?
RepaveBackups
AUTOMATE ALL THE THINGS
@samnewman#velocityconf
Post Mortems
@samnewman#velocityconf
http://www.smh.com.au/digital-life/mobiles/telstra-outage-manager-connected-customers-to-faulty-node-in-embarrassing-
error-20160209-gmpn7f.html
@samnewman#velocityconf
"[The employee responsible] didn't follow
procedures and clearly that's not a good thing
but I wouldn't want to pre-empt the proper
investigation and we'll figure out what the right
response is when we've had a chance to dig into
the detail."
- Australian Financial Review
http://www.afr.com/business/telecommunications/telstra-mobile-network-down-across-
australia-reports-20160209-gmpaty
@samnewman#velocityconf
http://samnewman.io/blog/2016/02/10/telstra_outage/
@samnewman#velocityconf
https://vimeo.com/102167635
@samnewman#velocityconf
“Finding the root cause of a
failure is like finding a root
cause of a success.”
http://www.kitchensoap.com/2012/02/10/each-necessary-but-only-jointly-sufficient/
John Allspaw
@samnewman#velocityconf
http://www.smh.com.au/technology/technology-news/telstra-free-data-guy-clocks-up-almost-
a-terabyte-of-downloads-20160404-gnxu14.html
@samnewman#velocityconf
Don’t forget to review your old
post-mortems too…
@samnewman#velocityconf
Don’t forget to review your old
post-mortems too…
…and the resulting action plans!
@samnewman#velocityconf
Prevention Detection
ResponseRecovery
@samnewman#velocityconf
Sam Newman
Building
Microservices
DESIGNING FINE-GRAINED SYSTEMS
http://buildingmicroservices.com/
@samnewman#velocityconf
Sam Newman
Building
Microservices
DESIGNING FINE-GRAINED SYSTEMS
http://buildingmicroservices.com/
http://samnewman.io/
@samnewman#velocityconf
Sam Newman
Building
Microservices
DESIGNING FINE-GRAINED SYSTEMS
http://buildingmicroservices.com/
http://magpietalkshow.com/
http://samnewman.io/
@samnewman#velocityconf
Wednesday 22nd
Sam Newman
Building
Microservices
DESIGNING FINE-GRAINED SYSTEMS
Signing
5.45pm
@ Oreilly Booth
@samnewman
snewman@thoughtworks.com
THANKS!

Contenu connexe

Tendances

BETA - Securing microservices
BETA - Securing microservicesBETA - Securing microservices
BETA - Securing microservicesSam Newman
 
AppSec and Microservices
AppSec and MicroservicesAppSec and Microservices
AppSec and MicroservicesSam Newman
 
Testing & deploying Microservices GeeCon 2014
Testing & deploying Microservices   GeeCon 2014Testing & deploying Microservices   GeeCon 2014
Testing & deploying Microservices GeeCon 2014Sam Newman
 
Confusion In The Land Of The Serverless - 90min Version
Confusion In The Land Of The Serverless - 90min VersionConfusion In The Land Of The Serverless - 90min Version
Confusion In The Land Of The Serverless - 90min VersionSam Newman
 
Confusion In The Land Of The Serverless
Confusion In The Land Of The ServerlessConfusion In The Land Of The Serverless
Confusion In The Land Of The ServerlessSam Newman
 
Principles of Microservices - NDC 2014
Principles of Microservices  - NDC 2014Principles of Microservices  - NDC 2014
Principles of Microservices - NDC 2014Sam Newman
 
From macro to micro goto
From macro to micro   gotoFrom macro to micro   goto
From macro to micro gotoSam Newman
 
Rip It Up - The Microservice Organisation
Rip It Up  - The Microservice OrganisationRip It Up  - The Microservice Organisation
Rip It Up - The Microservice OrganisationSam Newman
 
Principles of microservices ndc oslo
Principles of microservices   ndc osloPrinciples of microservices   ndc oslo
Principles of microservices ndc osloSam Newman
 
Hiding The Lead: Coupling, cohesion and microservices
Hiding The Lead: Coupling, cohesion and microservicesHiding The Lead: Coupling, cohesion and microservices
Hiding The Lead: Coupling, cohesion and microservicesSam Newman
 
Feature Branches And Toggles In A Post-GitHub World
Feature Branches And Toggles In A Post-GitHub WorldFeature Branches And Toggles In A Post-GitHub World
Feature Branches And Toggles In A Post-GitHub WorldSam Newman
 
What Is This Cloud Native Thing Anyway?
What Is This Cloud Native Thing Anyway?What Is This Cloud Native Thing Anyway?
What Is This Cloud Native Thing Anyway?Sam Newman
 
THE UX OF DATA - VISUALIZATION RESPONSIVE
THE UX OF DATA - VISUALIZATION RESPONSIVETHE UX OF DATA - VISUALIZATION RESPONSIVE
THE UX OF DATA - VISUALIZATION RESPONSIVEPeter Rozek
 
Deploying and Testing Microservices
Deploying and Testing MicroservicesDeploying and Testing Microservices
Deploying and Testing MicroservicesThoughtworks
 
Principles of microservices velocity
Principles of microservices   velocityPrinciples of microservices   velocity
Principles of microservices velocitySam Newman
 
The UX of DATA: Responsive Datenvisualisierung mit jQuery
The UX of DATA: Responsive Datenvisualisierung mit jQueryThe UX of DATA: Responsive Datenvisualisierung mit jQuery
The UX of DATA: Responsive Datenvisualisierung mit jQueryPeter Rozek
 
Networks, Networks Everywhere, And Not A Packet To Drink
Networks, Networks Everywhere, And Not A Packet To DrinkNetworks, Networks Everywhere, And Not A Packet To Drink
Networks, Networks Everywhere, And Not A Packet To DrinkReadWrite
 
Google Tag Manager Crash Course | MnSummit
Google Tag Manager Crash Course | MnSummitGoogle Tag Manager Crash Course | MnSummit
Google Tag Manager Crash Course | MnSummitMike Arnesen
 
Performance and UX
Performance and UXPerformance and UX
Performance and UXPeter Rozek
 

Tendances (20)

BETA - Securing microservices
BETA - Securing microservicesBETA - Securing microservices
BETA - Securing microservices
 
AppSec and Microservices
AppSec and MicroservicesAppSec and Microservices
AppSec and Microservices
 
Testing & deploying Microservices GeeCon 2014
Testing & deploying Microservices   GeeCon 2014Testing & deploying Microservices   GeeCon 2014
Testing & deploying Microservices GeeCon 2014
 
Confusion In The Land Of The Serverless - 90min Version
Confusion In The Land Of The Serverless - 90min VersionConfusion In The Land Of The Serverless - 90min Version
Confusion In The Land Of The Serverless - 90min Version
 
Confusion In The Land Of The Serverless
Confusion In The Land Of The ServerlessConfusion In The Land Of The Serverless
Confusion In The Land Of The Serverless
 
Principles of Microservices - NDC 2014
Principles of Microservices  - NDC 2014Principles of Microservices  - NDC 2014
Principles of Microservices - NDC 2014
 
From macro to micro goto
From macro to micro   gotoFrom macro to micro   goto
From macro to micro goto
 
Rip It Up - The Microservice Organisation
Rip It Up  - The Microservice OrganisationRip It Up  - The Microservice Organisation
Rip It Up - The Microservice Organisation
 
Principles of microservices ndc oslo
Principles of microservices   ndc osloPrinciples of microservices   ndc oslo
Principles of microservices ndc oslo
 
It's a trap!
It's a trap!It's a trap!
It's a trap!
 
Hiding The Lead: Coupling, cohesion and microservices
Hiding The Lead: Coupling, cohesion and microservicesHiding The Lead: Coupling, cohesion and microservices
Hiding The Lead: Coupling, cohesion and microservices
 
Feature Branches And Toggles In A Post-GitHub World
Feature Branches And Toggles In A Post-GitHub WorldFeature Branches And Toggles In A Post-GitHub World
Feature Branches And Toggles In A Post-GitHub World
 
What Is This Cloud Native Thing Anyway?
What Is This Cloud Native Thing Anyway?What Is This Cloud Native Thing Anyway?
What Is This Cloud Native Thing Anyway?
 
THE UX OF DATA - VISUALIZATION RESPONSIVE
THE UX OF DATA - VISUALIZATION RESPONSIVETHE UX OF DATA - VISUALIZATION RESPONSIVE
THE UX OF DATA - VISUALIZATION RESPONSIVE
 
Deploying and Testing Microservices
Deploying and Testing MicroservicesDeploying and Testing Microservices
Deploying and Testing Microservices
 
Principles of microservices velocity
Principles of microservices   velocityPrinciples of microservices   velocity
Principles of microservices velocity
 
The UX of DATA: Responsive Datenvisualisierung mit jQuery
The UX of DATA: Responsive Datenvisualisierung mit jQueryThe UX of DATA: Responsive Datenvisualisierung mit jQuery
The UX of DATA: Responsive Datenvisualisierung mit jQuery
 
Networks, Networks Everywhere, And Not A Packet To Drink
Networks, Networks Everywhere, And Not A Packet To DrinkNetworks, Networks Everywhere, And Not A Packet To Drink
Networks, Networks Everywhere, And Not A Packet To Drink
 
Google Tag Manager Crash Course | MnSummit
Google Tag Manager Crash Course | MnSummitGoogle Tag Manager Crash Course | MnSummit
Google Tag Manager Crash Course | MnSummit
 
Performance and UX
Performance and UXPerformance and UX
Performance and UX
 

En vedette

Surfing the event stream
Surfing the event streamSurfing the event stream
Surfing the event streamSam Newman
 
ELK: Moose-ively scaling your log system
ELK: Moose-ively scaling your log systemELK: Moose-ively scaling your log system
ELK: Moose-ively scaling your log systemAvleen Vig
 
Launching a Rocketship Off Someone Else's Back
Launching a Rocketship Off Someone Else's BackLaunching a Rocketship Off Someone Else's Back
Launching a Rocketship Off Someone Else's Backjoshelman
 
Enabling Microservices @Orbitz - Velocity Conf 2015
Enabling Microservices @Orbitz - Velocity Conf 2015Enabling Microservices @Orbitz - Velocity Conf 2015
Enabling Microservices @Orbitz - Velocity Conf 2015Steve Hoffman
 
Microservices Manchester: Security, Microservces and Vault by Nicki Watt
Microservices Manchester:  Security, Microservces and Vault by Nicki WattMicroservices Manchester:  Security, Microservces and Vault by Nicki Watt
Microservices Manchester: Security, Microservces and Vault by Nicki WattOpenCredo
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldVMware Tanzu
 
HPE Security Keynote from Istanbul 20th Jan 2016
HPE Security Keynote from Istanbul 20th Jan 2016HPE Security Keynote from Istanbul 20th Jan 2016
HPE Security Keynote from Istanbul 20th Jan 2016SteveAtHPE
 
Design+Startups (Startup Lessons Learned)
Design+Startups (Startup Lessons Learned)Design+Startups (Startup Lessons Learned)
Design+Startups (Startup Lessons Learned)Janice Fraser
 
Safe - corruption, copout or corporate kaizen
Safe - corruption, copout or corporate kaizenSafe - corruption, copout or corporate kaizen
Safe - corruption, copout or corporate kaizenMark Richards
 
Adopting sa fe the theory and the practice (Perth Agile Meetup Aug 2013)
Adopting sa fe   the theory and the practice (Perth Agile Meetup Aug 2013)Adopting sa fe   the theory and the practice (Perth Agile Meetup Aug 2013)
Adopting sa fe the theory and the practice (Perth Agile Meetup Aug 2013)Mark Richards
 
Are microservices 'soa done right'?
Are microservices 'soa done right'?Are microservices 'soa done right'?
Are microservices 'soa done right'?Jason Bloomberg
 
Protection of Information System & Types of Controls
Protection of Information System & Types of ControlsProtection of Information System & Types of Controls
Protection of Information System & Types of ControlsVR Talsaniya
 
Designing for rapid release goto 2012
Designing for rapid release   goto 2012Designing for rapid release   goto 2012
Designing for rapid release goto 2012Sam Newman
 
App::highlight - a simple grep-like highlighter app
App::highlight - a simple grep-like highlighter appApp::highlight - a simple grep-like highlighter app
App::highlight - a simple grep-like highlighter appAlex Balhatchet
 
Mysql casual talks vol4
Mysql casual talks vol4Mysql casual talks vol4
Mysql casual talks vol4matsuo kenji
 
Continuous Delivery for Microservice Architectures with Concourse & Cloud Fou...
Continuous Delivery for Microservice Architectures with Concourse & Cloud Fou...Continuous Delivery for Microservice Architectures with Concourse & Cloud Fou...
Continuous Delivery for Microservice Architectures with Concourse & Cloud Fou...VMware Tanzu
 
Salesforceでの大規模データの取り扱い
Salesforceでの大規模データの取り扱いSalesforceでの大規模データの取り扱い
Salesforceでの大規模データの取り扱いSalesforce Developers Japan
 
The reference collection
The reference collectionThe reference collection
The reference collectionvargas8854
 

En vedette (19)

Surfing the event stream
Surfing the event streamSurfing the event stream
Surfing the event stream
 
ELK: Moose-ively scaling your log system
ELK: Moose-ively scaling your log systemELK: Moose-ively scaling your log system
ELK: Moose-ively scaling your log system
 
Launching a Rocketship Off Someone Else's Back
Launching a Rocketship Off Someone Else's BackLaunching a Rocketship Off Someone Else's Back
Launching a Rocketship Off Someone Else's Back
 
Enabling Microservices @Orbitz - Velocity Conf 2015
Enabling Microservices @Orbitz - Velocity Conf 2015Enabling Microservices @Orbitz - Velocity Conf 2015
Enabling Microservices @Orbitz - Velocity Conf 2015
 
Microservices Manchester: Security, Microservces and Vault by Nicki Watt
Microservices Manchester:  Security, Microservces and Vault by Nicki WattMicroservices Manchester:  Security, Microservces and Vault by Nicki Watt
Microservices Manchester: Security, Microservces and Vault by Nicki Watt
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
 
HPE Security Keynote from Istanbul 20th Jan 2016
HPE Security Keynote from Istanbul 20th Jan 2016HPE Security Keynote from Istanbul 20th Jan 2016
HPE Security Keynote from Istanbul 20th Jan 2016
 
Design+Startups (Startup Lessons Learned)
Design+Startups (Startup Lessons Learned)Design+Startups (Startup Lessons Learned)
Design+Startups (Startup Lessons Learned)
 
Safe - corruption, copout or corporate kaizen
Safe - corruption, copout or corporate kaizenSafe - corruption, copout or corporate kaizen
Safe - corruption, copout or corporate kaizen
 
Adopting sa fe the theory and the practice (Perth Agile Meetup Aug 2013)
Adopting sa fe   the theory and the practice (Perth Agile Meetup Aug 2013)Adopting sa fe   the theory and the practice (Perth Agile Meetup Aug 2013)
Adopting sa fe the theory and the practice (Perth Agile Meetup Aug 2013)
 
Are microservices 'soa done right'?
Are microservices 'soa done right'?Are microservices 'soa done right'?
Are microservices 'soa done right'?
 
Protection of Information System & Types of Controls
Protection of Information System & Types of ControlsProtection of Information System & Types of Controls
Protection of Information System & Types of Controls
 
Designing for rapid release goto 2012
Designing for rapid release   goto 2012Designing for rapid release   goto 2012
Designing for rapid release goto 2012
 
App::highlight - a simple grep-like highlighter app
App::highlight - a simple grep-like highlighter appApp::highlight - a simple grep-like highlighter app
App::highlight - a simple grep-like highlighter app
 
BlinkDB 紹介
BlinkDB 紹介BlinkDB 紹介
BlinkDB 紹介
 
Mysql casual talks vol4
Mysql casual talks vol4Mysql casual talks vol4
Mysql casual talks vol4
 
Continuous Delivery for Microservice Architectures with Concourse & Cloud Fou...
Continuous Delivery for Microservice Architectures with Concourse & Cloud Fou...Continuous Delivery for Microservice Architectures with Concourse & Cloud Fou...
Continuous Delivery for Microservice Architectures with Concourse & Cloud Fou...
 
Salesforceでの大規模データの取り扱い
Salesforceでの大規模データの取り扱いSalesforceでの大規模データの取り扱い
Salesforceでの大規模データの取り扱い
 
The reference collection
The reference collectionThe reference collection
The reference collection
 

Similaire à AppSec & Microservices - Velocity 2016

Webinar #5: Mobile indsigter og trends ft. Google
Webinar #5: Mobile indsigter og trends ft. Google Webinar #5: Mobile indsigter og trends ft. Google
Webinar #5: Mobile indsigter og trends ft. Google Become A/S
 
Deploying & operating microservices
Deploying & operating microservicesDeploying & operating microservices
Deploying & operating microservicesThoughtworks
 
Website Migrations: Data is Everything
Website Migrations: Data is EverythingWebsite Migrations: Data is Everything
Website Migrations: Data is EverythingDaniel Bianchini
 
Progressive Web Apps: Why you want one & how to optimize them #SMSSYD19
Progressive Web Apps: Why you want one & how to optimize them #SMSSYD19Progressive Web Apps: Why you want one & how to optimize them #SMSSYD19
Progressive Web Apps: Why you want one & how to optimize them #SMSSYD19Aleyda Solís
 
De jornais impressos a plataformas online de conteúdo (APIs)
De jornais impressos a plataformas online de conteúdo (APIs)De jornais impressos a plataformas online de conteúdo (APIs)
De jornais impressos a plataformas online de conteúdo (APIs)Pedro Valente
 
Keynote: Sam Newman, Building Microservices | The Tyranny Of Data | Kafka Sum...
Keynote: Sam Newman, Building Microservices | The Tyranny Of Data | Kafka Sum...Keynote: Sam Newman, Building Microservices | The Tyranny Of Data | Kafka Sum...
Keynote: Sam Newman, Building Microservices | The Tyranny Of Data | Kafka Sum...HostedbyConfluent
 
End-to-End Continuous Delivery with CA Automic Release Automation and CA Serv...
End-to-End Continuous Delivery with CA Automic Release Automation and CA Serv...End-to-End Continuous Delivery with CA Automic Release Automation and CA Serv...
End-to-End Continuous Delivery with CA Automic Release Automation and CA Serv...CA Technologies
 
Common mistakes in serverless adoption
Common mistakes in serverless adoptionCommon mistakes in serverless adoption
Common mistakes in serverless adoptionYan Cui
 
INTERFACE by apidays - Microservices, APIs, and the Cost Of Change by Sam Newman
INTERFACE by apidays - Microservices, APIs, and the Cost Of Change by Sam NewmanINTERFACE by apidays - Microservices, APIs, and the Cost Of Change by Sam Newman
INTERFACE by apidays - Microservices, APIs, and the Cost Of Change by Sam Newmanapidays
 
Serverless Security: A pragmatic primer for builders and defenders
Serverless Security: A pragmatic primer for builders and defendersServerless Security: A pragmatic primer for builders and defenders
Serverless Security: A pragmatic primer for builders and defendersJames Wickett
 
Camunda Con Live 2020 Keynote - Microservice Orchestration and Integration
Camunda Con Live 2020 Keynote - Microservice Orchestration and IntegrationCamunda Con Live 2020 Keynote - Microservice Orchestration and Integration
Camunda Con Live 2020 Keynote - Microservice Orchestration and IntegrationBernd Ruecker
 
apidays LIVE JAKARTA - Event Driven APIs by Phil Scanlon
apidays LIVE JAKARTA - Event Driven APIs by Phil Scanlonapidays LIVE JAKARTA - Event Driven APIs by Phil Scanlon
apidays LIVE JAKARTA - Event Driven APIs by Phil Scanlonapidays
 
Setting AMP for Success at #DigitalOlympus
Setting AMP for Success at #DigitalOlympus Setting AMP for Success at #DigitalOlympus
Setting AMP for Success at #DigitalOlympus Aleyda Solís
 
The Speed Update: Faster is Better for Everyone [Aleh Barysevich, SMXeast 2018]
The Speed Update: Faster is Better for Everyone [Aleh Barysevich, SMXeast 2018]The Speed Update: Faster is Better for Everyone [Aleh Barysevich, SMXeast 2018]
The Speed Update: Faster is Better for Everyone [Aleh Barysevich, SMXeast 2018]Link-Assistant.Com
 
Serverless a superpower for frontend developers
Serverless a superpower for frontend developersServerless a superpower for frontend developers
Serverless a superpower for frontend developersYan Cui
 
FinDev as a business advantage in the post covid19 economy
FinDev as a business advantage in the post covid19 economyFinDev as a business advantage in the post covid19 economy
FinDev as a business advantage in the post covid19 economyYan Cui
 
What's Next in Financial Services Infrastructure Plumbing and APIs
What's Next in Financial Services Infrastructure Plumbing and APIs What's Next in Financial Services Infrastructure Plumbing and APIs
What's Next in Financial Services Infrastructure Plumbing and APIs Stephane Dubois
 
I Don’t Always Test My Streams, But When I Do, I Do it in Production (Viktor ...
I Don’t Always Test My Streams, But When I Do, I Do it in Production (Viktor ...I Don’t Always Test My Streams, But When I Do, I Do it in Production (Viktor ...
I Don’t Always Test My Streams, But When I Do, I Do it in Production (Viktor ...confluent
 

Similaire à AppSec & Microservices - Velocity 2016 (20)

Webinar #5: Mobile indsigter og trends ft. Google
Webinar #5: Mobile indsigter og trends ft. Google Webinar #5: Mobile indsigter og trends ft. Google
Webinar #5: Mobile indsigter og trends ft. Google
 
Deploying & operating microservices
Deploying & operating microservicesDeploying & operating microservices
Deploying & operating microservices
 
Website Migrations: Data is Everything
Website Migrations: Data is EverythingWebsite Migrations: Data is Everything
Website Migrations: Data is Everything
 
Progressive Web Apps: Why you want one & how to optimize them #SMSSYD19
Progressive Web Apps: Why you want one & how to optimize them #SMSSYD19Progressive Web Apps: Why you want one & how to optimize them #SMSSYD19
Progressive Web Apps: Why you want one & how to optimize them #SMSSYD19
 
De jornais impressos a plataformas online de conteúdo (APIs)
De jornais impressos a plataformas online de conteúdo (APIs)De jornais impressos a plataformas online de conteúdo (APIs)
De jornais impressos a plataformas online de conteúdo (APIs)
 
Keynote: Sam Newman, Building Microservices | The Tyranny Of Data | Kafka Sum...
Keynote: Sam Newman, Building Microservices | The Tyranny Of Data | Kafka Sum...Keynote: Sam Newman, Building Microservices | The Tyranny Of Data | Kafka Sum...
Keynote: Sam Newman, Building Microservices | The Tyranny Of Data | Kafka Sum...
 
End-to-End Continuous Delivery with CA Automic Release Automation and CA Serv...
End-to-End Continuous Delivery with CA Automic Release Automation and CA Serv...End-to-End Continuous Delivery with CA Automic Release Automation and CA Serv...
End-to-End Continuous Delivery with CA Automic Release Automation and CA Serv...
 
Common mistakes in serverless adoption
Common mistakes in serverless adoptionCommon mistakes in serverless adoption
Common mistakes in serverless adoption
 
The Mobile Gap
The Mobile GapThe Mobile Gap
The Mobile Gap
 
INTERFACE by apidays - Microservices, APIs, and the Cost Of Change by Sam Newman
INTERFACE by apidays - Microservices, APIs, and the Cost Of Change by Sam NewmanINTERFACE by apidays - Microservices, APIs, and the Cost Of Change by Sam Newman
INTERFACE by apidays - Microservices, APIs, and the Cost Of Change by Sam Newman
 
Serverless Security: A pragmatic primer for builders and defenders
Serverless Security: A pragmatic primer for builders and defendersServerless Security: A pragmatic primer for builders and defenders
Serverless Security: A pragmatic primer for builders and defenders
 
Camunda Con Live 2020 Keynote - Microservice Orchestration and Integration
Camunda Con Live 2020 Keynote - Microservice Orchestration and IntegrationCamunda Con Live 2020 Keynote - Microservice Orchestration and Integration
Camunda Con Live 2020 Keynote - Microservice Orchestration and Integration
 
apidays LIVE JAKARTA - Event Driven APIs by Phil Scanlon
apidays LIVE JAKARTA - Event Driven APIs by Phil Scanlonapidays LIVE JAKARTA - Event Driven APIs by Phil Scanlon
apidays LIVE JAKARTA - Event Driven APIs by Phil Scanlon
 
Setting AMP for Success at #DigitalOlympus
Setting AMP for Success at #DigitalOlympus Setting AMP for Success at #DigitalOlympus
Setting AMP for Success at #DigitalOlympus
 
The Speed Update: Faster is Better for Everyone [Aleh Barysevich, SMXeast 2018]
The Speed Update: Faster is Better for Everyone [Aleh Barysevich, SMXeast 2018]The Speed Update: Faster is Better for Everyone [Aleh Barysevich, SMXeast 2018]
The Speed Update: Faster is Better for Everyone [Aleh Barysevich, SMXeast 2018]
 
Serverless a superpower for frontend developers
Serverless a superpower for frontend developersServerless a superpower for frontend developers
Serverless a superpower for frontend developers
 
FinDev as a business advantage in the post covid19 economy
FinDev as a business advantage in the post covid19 economyFinDev as a business advantage in the post covid19 economy
FinDev as a business advantage in the post covid19 economy
 
What's Next in Financial Services Infrastructure Plumbing and APIs
What's Next in Financial Services Infrastructure Plumbing and APIs What's Next in Financial Services Infrastructure Plumbing and APIs
What's Next in Financial Services Infrastructure Plumbing and APIs
 
I Don’t Always Test My Streams, But When I Do, I Do it in Production (Viktor ...
I Don’t Always Test My Streams, But When I Do, I Do it in Production (Viktor ...I Don’t Always Test My Streams, But When I Do, I Do it in Production (Viktor ...
I Don’t Always Test My Streams, But When I Do, I Do it in Production (Viktor ...
 
iphone app developers kansas
iphone app developers kansasiphone app developers kansas
iphone app developers kansas
 

Dernier

Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilGenerative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilVICTOR MAESTRE RAMIREZ
 
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Incrobinwilliams8624
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadIvo Andreev
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionsNirav Modi
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampVICTOR MAESTRE RAMIREZ
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?AmeliaSmith90
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024Mind IT Systems
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesShyamsundar Das
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies
 
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Jaydeep Chhasatia
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxJoão Esperancinha
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLAlluxio, Inc.
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdfMeon Technology
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxAutus Cyber Tech
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native BuildpacksVish Abrams
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsJaydeep Chhasatia
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyRaymond Okyere-Forson
 
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine HarmonyLeveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmonyelliciumsolutionspun
 

Dernier (20)

Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilGenerative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-Council
 
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Inc
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and Bad
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspections
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - Datacamp
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security Challenges
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 
Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in Trivandrum
 
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptx
 
Salesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptxSalesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptx
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdf
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptx
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native Buildpacks
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human Beauty
 
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine HarmonyLeveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
Leveraging DxSherpa's Generative AI Services to Unlock Human-Machine Harmony
 

AppSec & Microservices - Velocity 2016