Training: June 20–21, 2016
Tutorials: June 21, 2016
Keynotes & Sessions: June 22–23, 2016
Santa Clara, CA

AppSec and microservices

Sam Newman (Independent)
11:00am–12:30pm Tuesday, 06/21/2016
Infrastructure reimagined
Location: Ballroom CD
Level: Intermediate
Average rating: 4.92 (13 ratings)

Prerequisite knowledge

Some understanding of microservices and infrastructure will be useful but is not essential. No working understanding of AppSec is needed.


This tutorial is for you because:
You are new to AppSec with a hands-on technical role and need to learn more.

Security is everyone’s job, even if you’re not a specialist. Microservices offer many options for securing your systems. Done right, microservices can increase the security of your vital data and processes. Done wrong, they can increase the attack surface. Sam Newman explores the importance of defense in depth, discussing the many different ways in which you can secure your fine-grained, distributed architectures and outlining a model to show how developers can think about application security and how they can play their part. From there, Sam dives into the specific challenges in microservice architectures and explains how application security principles can be applied to these often much more complex application architectures. You’ll leave with a high-level framework for thinking about application security and tools that help with prevention, detection, response, and recovery, as well as the knowledge of what not to do when breaches happen.

Topics include:

  • The importance of prevention, detection, response, and recovery
  • Using attack trees to focus on the right things
  • The value of automation in ensuring systems can be easily rebuilt or recovered
  • Examples of what to do—and not to do—when breaches happen

Sam Newman


Sam Newman is an independent consultant specializing in helping people ship software fast. Sam has worked extensively with the cloud, continuous delivery, and microservices and is especially preoccupied with understanding how to more easily deploy working software into production. For the last few years, he’s been exploring the capabilities of microservice architectures, and he’s worked with a variety of companies in multiple domains around the world, often with one foot in the developer world and another in the IT operations space. Previously, he spent over a decade at ThoughtWorks and then another year with a startup. Sam speaks frequently at conferences. He’s the author of Building Microservices (O’Reilly). If you’d like to get in touch, please email him.