October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

Microservices and security

Sam Newman (Independent)
9:00am–12:30pm Monday, 10/31/2016
Tools and processes
Location: Trianon Ballroom
Level: Beginner
Average rating: 3.50 (2 ratings)

Prerequisite knowledge

  • A basic understanding of microservices and/or distributed systems (useful but not required)

What you'll learn

  • Understand the aspects of security that microservices make easier—and harder
  • Explore specific examples of tools and techniques that can be used to secure microservice architectures
  • Learn a generic model for thinking about appsec, with specific examples of its use in a microservice context


Security is everyone’s job, even if you’re not a specialist. Sam Newman shares a model that shows how developers can think about application security and play their part. From there, Sam explores the specific challenges in microservice architectures and explains how application security principles can be applied to these often much more complex application architectures.

Topics include:

  • The importance of prevention, detection, response, and recovery
  • Using attack trees and other threat modeling techniques to focus on the right things
  • The value of automation in ensuring systems can be easily rebuilt or recovered
  • Examples of what to do—and what not to do—when breaches happen
  • A discussion of in-transit and at-rest encryption of data, including secret storage systems like Vault
  • Comparing different authentication and authorization systems, including challenges around the confused deputy problem

Sam Newman


Sam Newman is an independent consultant specializing in helping people ship software fast. Sam has worked extensively with the cloud, continuous delivery, and microservices and is especially preoccupied with understanding how to more easily deploy working software into production. For the last few years, he has been exploring the capabilities of microservice architectures. He has worked with a variety of companies in multiple domains around the world, often with one foot in the developer world and another in the IT operations space. Previously, he spent over a decade at ThoughtWorks and then another year with a startup. Sam speaks frequently at conferences. He is the author of Building Microservices (O’Reilly). If you would like to get in touch, please email him.