Microservices Security in Action teaches readers how to secure their microservices applications code and infrastructure. After a straightforward introduction to the challenges of microservices security, the book covers fundamentals to secure both the application perimeter and service-to-service communication. Following a hands-on example, readers explore how to deploy and secure microservices behind an API gateway as well as how to access microservices accessed by a single-page application (SPA). Key Features Key microservices security fundamentals Securing service-to-service communication with mTLS and JWT Deploying and securing microservices with Docker Using Kubernetes security Securing event-driven microservices Using the Istio Service Mesh For developers well-versed in microservices design principles who have a basic familiarity with Java. About the technology As microservices continue to change enterprise application systems, developers and architects must learn to integrate security into their design and implementation. Because microservices are created as a system of independent components, each a possible point of failure, they can multiply the security risk. Prabath Siriwardena is the vice president of security architecture at WSO2, a company that produces open source software, and has more than 12 years of experience in the identity management and security domain. Nuwan Dias is the director of API architecture at WSO2 and has worked in the software industry for more than 7 years, most of which he spent focusing on the API management domain. Both have helped build security designs for Fortune 500 companies including Boeing, Verizon, Nissan, HP, and GE.

Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs. Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits. Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first edition of this book, and the growth of standards has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for standards, and this book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitation and attack. What You Will Learn Securely design, develop, and deploy enterprise APIs Pick security standards and protocols to match business needs Mitigate security exploits by understanding the OAuth 2.0 threat landscape Federate identities to expand business APIs beyond the corporate firewall Protect microservices at the edge by securing their APIs Develop native mobile applications to access APIs securely Integrate applications with SaaS APIs protected with OAuth 2.0 Who This Book Is For Enterprise security architects who are interested in best practices around designing APIs. The book is also for developers who are building enterprise APIs and integrating with internal and external applications.

Get started with the essentials of Apache Maven and get your build automation system up and running quickly About This Book * Explore the essentials of Apache Maven essentials to arm yourself with all the ingredients needed to develop a comprehensive build automation system * Identify the extension points in Apache Maven and learn more about them in-depth * Improve developer productivity by optimizing the build process with best practices in Maven using this compact guide Who This Book Is For The book is ideal for for experienced developers who are already familiar with build automation, but want to learn how to use Maven and apply its concepts to the most difficult scenarios in build automation. What You Will Learn * Comprehend the key concepts in Apache Maven * Build your own custom plugins and get to know how Maven extension points are used * Troubleshoot build issues with greater confidence * Optimize Maven's configuration settings * Write custom lifecycles and extensions * Get hands-on and create a Maven assembly * Explore the best practices to design a build system that improves developer productivity In Detail Maven is the #1 build tool used by developers and it has been around for more than a decade. Maven stands out among other build tools due to its extremely extensible architecture, which is built on of the concept of convention over configuration. It's widely used by many open source Java projects under Apache Software Foundation, Sourceforge, Google Code, and more. Maven Essentials is a fast-paced guide to show you the key concepts in Maven and build automation. We get started by introducing you to Maven and exploring its core concepts and architecture. Next, you will learn about and write a Project Object Model (POM) while creating your own Maven project. You will also find out how to create custom archetypes and plugins to establish the most common goals in build automation. After this, you'll get to know how to design the build to prevent any maintenance nightmares, with proper dependency management. We then explore Maven build lifecycles and Maven assemblies. Finally, you will discover how to apply the best practices when designing a build system to improve developer productivity. Style and approach This book is a practical and compact guide that will show you how to use Apache Maven in an optimal way to address enterprise build requirements. It provides technical guidance to get you started with Maven and build automation.

If you are working with Java or Java EE projects and you want to take full advantage of Maven in designing, executing, and maintaining your build system for optimal developer productivity, then this book is ideal for you. You should be well versed with Maven and its basic functionality if you wish to get the most out of the book.