In a constantly evolving world, we can't have a predefined set of rules to apply in microservice design. Rather, we can have some predefined questions that we can ask ourselves to evaluate the overall system and processes. The following sections list of all the standard questions at various levels, which we can use as an evaluation checklist. Later, we will be upgrading our security as a solution to these questions.
We will begin at the very core—our microservice. Whenever we write any microservice to satisfy any business capability, once it is designed, we need to take care of whether the service is exposed to any vulnerabilities or not. The following questions can be asked to get a general idea about security at the application level:
- Is the system properly secured at all places or just at the boundaries?
- If an intruder sneaks in, is the system powerful enough to detect that intruder and throw him out...