How to protect your APIs and Microservices?

1) Zero Trust
2) Mitigate the critical security vulnerabilities by considering the OWASP Top 10 recommendations

Zero Trust
There are many definitions on the internet, but I would like to define it in a few simple sentences.

“Do not trust anyone. Deny all requests by default, and accept a request only on the basis of the least permission required to access a resource.”

In a microservice architecture, multiple microservices communicate with each other, so the attack surface of the network is greatly increased.

It is important to understand how the API Gateway, Identity Provider and APIs can be used to secure service-to-service communication in a zero trust environment.

The API Gateway is responsible for handling security at the edge of the network, but each service should also be responsible for security at its own edge.
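An added example (not code from the original post) of the service-level check described above: the service denies by default and allows a request only when the route is in its policy and the caller's token grants the required scope. The HMAC-signed token, `IDP_KEY`, `orders-service` and the scope names are constructed assumptions standing in for a token issued by a real Identity Provider, which a service would normally verify with the provider's public key.

```python
from __future__ import annotations
import base64, hashlib, hmac, json

# Constructed demo values (assumptions, not from the original post).
IDP_KEY = b"demo-key-held-by-identity-provider"
SERVICE_NAME = "orders-service"
# Explicit allow-list: (method, path) -> required scope. Anything absent is denied.
POLICY = {
    ("GET", "/orders"): "orders:read",
    ("POST", "/orders"): "orders:write",
}

def sign(body: str, key: bytes) -> str:
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(claims: dict, key: bytes = IDP_KEY) -> str:
    """Stand-in for the identity provider: HMAC-signed claims, not a real JWT."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{sign(body, key)}"

def authorize(method: str, path: str, token: str | None, now: int) -> tuple[bool, str]:
    """Service-edge check: anything that is not an explicit allow is a deny."""
    required = POLICY.get((method, path))
    if required is None:
        return False, "route not in policy"
    if not token or token.count(".") != 1:
        return False, "missing or malformed token"
    body, sig = token.split(".")
    # Verify the signature before parsing any claim (constant-time compare).
    if not hmac.compare_digest(sig.encode(), sign(body, IDP_KEY).encode()):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims.get("aud") != SERVICE_NAME:
        return False, "token issued for another service"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    if required not in claims.get("scope", []):
        return False, "scope not granted"
    return True, "allowed"

if __name__ == "__main__":
    NOW = 1_700_000_000  # constructed timestamp
    reader = issue_token({"sub": "billing-service", "aud": SERVICE_NAME,
                          "exp": NOW + 300, "scope": ["orders:read"]})
    for method, path in [("GET", "/orders"), ("POST", "/orders"), ("DELETE", "/orders")]:
        print(method, path, authorize(method, path, reader, NOW))
```

The same check runs inside every service even when the API Gateway has already validated the request, so a call that bypasses the gateway is still denied.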

You can mitigate vulnerabilities by effectively using the following:

- API Gateway
- Identity Provider
- Cryptography Implementation
- Certificates
- Secure Encryption
- Salted hashing
- Data masking
- Logging Tools
- Monitoring Tools
- Scanning Tools
- Controlled Deployment with CI/CD tools

You can also mitigate these vulnerabilities by implementing good policies for:

- Coding
- Code Review
- Regularly reviewing software versions, including those of dependent tools
- Proper logging of the API requests
- Continuous monitoring of the different failure scenarios

By implementing all of the above together with zero trust, you can properly secure your APIs and microservices.