Security in the Microservices Paradigm

Zach Gardner Architecture, Microservices

One of the least glamorous aspects of implementing a Microservices architecture is the security. It’s not fun or cool when compared to things like the circuit breaker or service discovery, yet it is a critical piece of the ecosystem, especially in an enterprise setting.

I’m working on a large Microservices project for a healthcare enterprise on the East Coast. One of the first pieces of the infrastructure we assisted with was security, which has turned out to be a lifesaver for everything that has come after it. I was able to see what security works well as well as what does not work so well in a Microservices environment. In this blog post, I will share a medium to high-level look into how security can be implemented in Microservices.



JSON Web Tokens With Spring Cloud Microservices

Thomas Kendall Java, JavaScript, Microservices, Security 5 Comments

At Keyhole, we have published several blogs about Microservices. We’ve talked about architectural patterns used in a Microservices environment such as service discovery and circuit breaker. We’ve even posted blogs on platforms and tools, such as the recent blog on Service Fabric. One important piece of the architecture that we have glossed over is the security around Microservices. Specifically, authentication …



Don’t Hate the HATEOAS Part Deux: Springtime for HATEOAS

Billy Korando Java, Spring, Technology Snapshot

In the much belated conclusion to my series on HATEOAS, we will be diving into how to implement HATEOAS using Spring-Data-REST and Spring-HATEOAS. It is springtime for HATEOAS! I put together a functioning project that will demonstrate the code examples I have below as well as a few other features. The project can be found here: https://github.com/in-the-keyhole/hateoas-demo-II. JDK 8 and Maven are …



Don’t just randomize, truly randomize!

Vince Pendergrass Java, JavaScript, Security, Technology Snapshot

The state of web application cryptography has changed, and each development language provides its own way of working with it. I will touch on the current state of random number generation and the differences found with it within the Java and JavaScript development languages. When designing and building web applications, security concerns obviously play a crucial role. The term security …



Top 10 Web Application Security Risks From OWASP

Todd Horn Security

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Its mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Every few years the organization publishes a top 10 list on web application security risks. First released back in 2003, …