AppSec California 2020, January 21-24 at the Annenberg Beach House, Santa Monica, CA
Back To Schedule
Thursday, January 23 • 11:55am - 12:45pm
Solving trust issues at scale

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Microservices are social constructs: they can’t function without talking with other services. This also raises an interesting question: do we trust all of our microservices?

Not all microservices are the same: some are more sensitive - for example, services that handle personal user data or payment information. Others are user-facing and therefore riskier. We shouldn’t treat all services as equal. A robust mechanism that describes who can talk with who is required.

We have been dealing with this challenge for a while at Soluto. In this talk, I’ll share the journey we went through until we found a solution we’re happy with: a simple and declarative system that allows services to define who can access them. Any dev can request access to any service, and the service owner can review it. I’ll share how we build this solution (including all the technical details and live demos!), using open source tools like Open Policy Agent, so you can easily build something similar.

avatar for Omer Levi Hevroni

Omer Levi Hevroni

DevSecOps Engineer, Soluto by Asurion
I’m coding since 4th grade when my dad taught me BASIC, and I got hooked. From that point, I learned to code in many programming languages (today my favorite is C#). Today I’m working at Soluto by Asurion, and coding is a huge part of my day job.My passion for AppSec started by... Read More →

Thursday January 23, 2020 11:55am - 12:45pm PST
Sand and Sea Room