Attacking the microservice systems: methods and practical tips

The presentation focuses on providing practical tips for conducting a basic security assessment of microservice-based systems to find microservice-specific vulnerabilities.

• Microservice architecture is increasingly used for designing and implementing application systems, but it brings new security architecture patterns and approaches that may lead to vulnerabilities
• The presentation provides approaches and practical tips for conducting a basic security assessment of microservice-based systems to find microservice-specific vulnerabilities
• The research results were extracted during multiple security assessments, collected, structured and contributed to the OWASP community

N/A

Abstract:The microservice architecture is being increasingly used for designing and implementing application systems in both cloud-based and on-premise infrastructures for different purposes from small “startup” business process to large-scale telecommunications. But the microservices bring new security architecture patterns and approaches that completely change the attack surface and may lead to vulnerabilities. This presentation focuses on approaches and practical tips on how to provide a basic security assessment of microservice-based systems to find microservice-specific vulnerabilities. Our research results were extracted during multiple security assessments, collected, structured and contributed to the OWASP community.