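% Conference paper from the ECSA 2022 Tracks and Workshops proceedings.
% The citation key is the exporter's opaque identifier and is kept unchanged so existing citations still resolve.
% NOTE(review): "address" holds a country rather than the publisher's city; confirm against the publisher record.
@inproceedings{19a4677a68e147c692d898c3c00ed853,
  author    = {Ponce, Francisco and Soldani, Jacopo and Astudillo, Hern{\'a}n and Brogi, Antonio},
  title     = {Microservices Security: Bad vs. Good Practices},
  booktitle = {Software Architecture - {ECSA} 2022 Tracks and Workshops, Revised Selected Papers},
  editor    = {Batista, Thais and Raibulet, Claudia and Bures, Tomas and Muccini, Henry},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  publisher = {Springer Science and Business Media Deutschland GmbH},
  address   = {Germany},
  year      = {2023},
  pages     = {337--352},
  isbn      = {9783031368882},
  doi       = {10.1007/978-3-031-36889-9_23},
  language  = {English},
  keywords  = {bad practices, good practices, microservices, security},
  abstract  = {The microservice architectural style is widespread in enterprise IT, making the securing of microservices a crucial issue. Many bad practices in securing microservices have been identified by researchers and practitioners, along with security good practices that, if adopted, allow to avoid the corresponding security issues. However, this knowledge is scattered across multiple pieces of white and grey literature, making its consulting complex and time consuming. We present here the results of a multivocal literature review that analyzes 44 primary studies discussing bad and good practices for microservice security. We were able to identify four bad and six good practices, and to associate each bad practice with specific bad smell(s) that signal it and with good practice(s) that avoid incurring in it. The resulting mapping between bad and good practices for microservice security can help practitioners and researchers to explore the systematic securing of microservice-based applications.},
  note      = {Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2023.; 16th European Conference on Software Architecture, ECSA 2022 ; Conference date: 19-09-2022 Through 23-09-2022},
}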