I have worked on enterprise APIs being used by millions of users worldwide both as a Enterprise Security Architect and as a developer building these services. In this session, I will talk about Top 10 ways to design and build secure Microservices to protect your users and your reputation. This top 10 list includes:
1. Use the latest version of TLS
2. Designing a secure Infrastructure and Network whether on prem or in cloud
3. Best Practices in Authentication to authentication your clients or end users.
4. Authorization of your end users or clients so they get just the right access based on least privilege and need to know.
5. Protecting your APIs against Distributed Denial of Service by using patterns such as Rate Limiting, Throttling, Daily limits etc.
6. Alerting and Monitoring your APIs to detect abnormal patterns and security issues.
7. API resiliency that directly affects Availability of your Microservices.
8. Encrypting & Hashing sensitive data - at rest and/or in transit - in memory, in cache and in db, in transit, in UI
9. Key management security
10. Session Management best practices