Microservices Security: Bad vs. Good Practices

Francisco Ponce, Jacopo Soldani, Hernán Astudillo, Antonio Brogi

Producción científica: Contribución a los tipos de informe/libroContribución a la conferenciarevisión exhaustiva

Resumen

The microservice architectural style is widespread in enterprise IT, making the securing of microservices a crucial issue. Many bad practices in securing microservices have been identified by researchers and practitioners, along with security good practices that, if adopted, allow to avoid the corresponding security issues. However, this knowledge is scattered across multiple pieces of white and grey literature, making its consulting complex and time consuming. We present here the results of a multivocal literature review that analyzes 44 primary studies discussing bad and good practices for microservice security. We were able to identify four bad and six good practices, and to associate each bad practice with specific bad smell(s) that signal it and with good practice(s) that avoid incurring in it. The resulting mapping between bad and good practices for microservice security can help practitioners and researchers to explore the systematic securing of microservice-based applications.

Idioma originalInglés
Título de la publicación alojadaSoftware Architecture - ECSA 2022 Tracks and Workshops, Revised Selected Papers
EditoresThais Batista, Claudia Raibulet, Tomas Bures, Henry Muccini
EditorialSpringer Science and Business Media Deutschland GmbH
Páginas337-352
Número de páginas16
ISBN (versión impresa)9783031368882
DOI
EstadoPublicada - 2023
Publicado de forma externa
Evento16th European Conference on Software Architecture, ECSA 2022 - Prague, República Checa
Duración: 19 sep. 202223 sep. 2022

Serie de la publicación

NombreLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volumen13928 LNCS
ISSN (versión impresa)0302-9743
ISSN (versión digital)1611-3349

Conferencia

Conferencia16th European Conference on Software Architecture, ECSA 2022
País/TerritorioRepública Checa
CiudadPrague
Período19/09/2223/09/22

Áreas temáticas de ASJC Scopus

  • Ciencia computacional teórica
  • Ciencia de la Computación General

Huella

Profundice en los temas de investigación de 'Microservices Security: Bad vs. Good Practices'. En conjunto forman una huella única.

Citar esto