Microservice architectures: it starts with secure design

We’re excited to launch our newest SafeStack Secure Development course today: Designing Secure Microservice Architectures.

Those of us with experience in new, smaller teams might have already had experience with building microservices.  If you are in a large, longstanding organisation going through a big cloud transformation, you might have seen the term floated around a few times.

This architecture model has been growing in popularity since the early 2010s and is not going to slow down any time soon. That means it is time to start thinking about how we might design and build microservices securely.

When we started writing this course, we quickly noticed there is a lot to learn here. We didn’t want to assume that people taking these courses already knew all there is to know about microservices. After all, in the grand scheme of things, it is still quite a new concept.

We decided to break this course down into our first two mini-courses. This means the courses are shorter, but are more focused on the role you might play in your development team.

SafeStack COO Erica Anderson shares the thinking that went into creating this microservice and API mini-course series, and how you can leverage the super powers you already have to bring security into your microservice designs.

Building microservices starts with secure design

I have worked with many organisations, from the small team of 3 to the large global product company. A common theme I have noticed is the use and focused adoption of microservice and API-based architecture models.

If we borrow some words from a SafeStack friend and microservice expert, Sam Newman: a microservice is a small autonomous service that works together with other services, modelled around a business domain.

The smaller teams have the benefit of not having to deal much with moving to this model from a legacy, monolithic environment. Larger teams have the benefit of having some quite big challenges and transformation programmes, which tend to attract new talent who might be well versed in the art of microservices.

Another theme we see, regardless of size, is that a majority of people involved in the development process are not as familiar with microservices or are not sure where security comes into this architecture model. This is where the inspiration for this course came from. It is one of our most highly requested courses in the past year!

Where do we begin

There is a lot to cover when it comes to security and microservices, and what’s relevant depends on what role the learner plays on the development team. So we brought this course right to the very beginning and decided to break it down into smaller, shorter mini-courses.

We are starting this mini-course series off with designing secure microservices. Even if you don’t play the architect on your development team, this first course lays the groundwork for some terminology, engineering principles, and technology that would be beneficial for anyone to know.

The team and I built this course with the intent that anyone on the team – from Product Owner to Engineer to Tester to Architect – could understand what microservices were and how they can be secured from the very beginning.

About our Designing Secure Microservice Architectures course

In this course, we will cover the fundamentals of microservices, the secure design principles that you will use, and the different risks and threats you face with this new architecture model.

Covering a range of key areas, in this 1-hour course you’ll learn how to:

  • Set a solid foundation of microservices in general by understanding common terminology, technology, principles, and concepts.
  • Understand the difference between monolithic and microservice architecture models.
  • Identify where security adds value, and how to turn your design principles into secure design principles.
  • Understand the security risks and threats that specifically apply to microservices.
  • Use superpowers you already have, like threat modelling, to identify security risks and threats early in your development.
  • Apply that understanding to a few practical case studies and examples.

Who is this course for?

This course is for anyone who wants to design secure microservices and is looking to nab our Secure Software Architect Level 2 badge.

We recommend this course once you complete the Threat Assessment for Software Development course as it contains quite a few concepts that we expand on in this new course.

You can access this course by becoming a member of SafeStack.

We love to hear from you

We hope this course will give you practical ways to build security testing into your practice, and we’d love to hear your feedback. Drop us a line on support@safestack.io and let us know what you think.

