Discuss this topic in Circle
Have an interesting article or video on this topic that you want to share? Anyone can join the discussion community for this topic to share ideas or ask questions.View discussion community
Participate in Application Containers and Microservices Research
This working group is a subgroup of the DevSecOps working group. The mission of this subgroup is to conduct research on the security of application containers and microservices and publish guidance and best practices for the secure use of application containers and microservices.
Securing Application Containers and Microservices
CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.
Microservices Architecture Pattern
This document serves to propose a repeatable approach to architecting, developing and deploying Microservices as a “MAP” (Microservices Architecture Pattern). The proposed MAP contains all the information necessary for a microservice to operate independently and communicate with other microservices which, in aggregate, become capabilities which, in turn, become the components of an application. This paper describes the key elements of the MAP, how they should be designed and deployed, shifting security & compliance left via a continuous compliance-as-code approach.
Best Practices for Implementing a Secure Application Container Architecture
Learn CSA’s recommendations and best practices to address the challenges in securing application containers in the engineering of trustworthy secure systems. This document is intended to be a companion document to Challenges in Securing Application Containers and Microservices as it provides recommendations and best practices to address those challenges. Recommendations were developed through extensive collaboration among a diverse group with strong knowledge and practical experience in information security, operations, application containers, and microservices.
Best Practices in Implementing a Secure Microservices Architecture
Learn best practices for securing microservices in the engineering of trustworthy secure systems. This paper provides the background for the evolution of the microservices architecture, its advantages compared with the previous architectures and the new challenges posed in terms of configuration and security. It also describes the benefits of microservices architecture and provides specific use cases where it enjoys advantages over “service-oriented architecture” (SOA. The security and configuration challenges identified for microservices architecture forms the basis for the issues addressed in the rest of this document.