Secure my Socks: Exploring Microservice Security in an Open Source Sock Shop

Abstract

Microservices are often lamented as “providing enough rope to hang yourself”, which gives the impression that microservices are inherently insecure. But if we do microservices right, we can improve security with a range of measures all designed to prevent further intrusion and disruption.

In this talk, you will discover a reference microservices architecture - the sock shop - which we will abuse in order to investigate microservice security on the Kubernetes orchestrator and Weave Net, a software-defined networking product from Weaveworks. Although the talk covers a range of topics, it will focus on demonstrating two key areas: network policy and secure containers.

This talk is intended for a technical audience such as engineers, developers and architects, but will be of interest to anyone who has a stake in application and information security.

You will leave this talk with not only an understanding of some aspects of microservice security but also the knowledge of how to implement these findings. Furthermore, you will be able to test and demonstrate these ideas yourself through the use of a reference microservices application on an orchestrator of your choice.