Building Patterns for Secure Micro-Services with Joe Gerber

Hosted By
Mark

Details

Agenda:

6:00 - 6:30 Food, drinks, and networking
6:30 - 7:00 Chapter business and group discussion
7:15 - 8:00 Featured presentation
8:00 - 9:00 Q&A and networking

Featured Presentation:
So, you've committed to a micro-services journey? Well done! But what does that mean from a security point of view? Whether you are decomposing a monolith or building in a green field, there are a plethora of design decisions to be made, many of which have security implications. But is there a well-vetted catalog of well-known patterns and relevant security implications to draw from?
In civil engineering, one can look up a pattern for a truss that is known to hold a given amount of weight, and has worked for centuries. In electrical engineering, one can look up a pattern for a circuit that actually works. In software engineering, is there a way to build appsec design patterns so that software will have consistent, repeatable levels of security?
The promises of a micro-services architecture are many, and include: shorter time-to-value to deliver new features (faster innovation), simpler ops/maintenance/testing, greater resilience to failure, etc. But the reality is that many initial forays into microservices simply reproduce complicated webs of interdependence and implicit trusts. The result is complex systems that are likely to fail in interesting ways when under stress.
To gain the benefits of microservices and deliver on the vision of simplicity, reliability, security and speed, we need a catalog of generic design patterns for microservices and microservice interactions. Drawing from a combination of software design patterns, cloud security good practices, and industry thought leadership (Jericho Forum, Zero-Trust, BeyondCorp, etc.), we will present an initial set of patterns designed to start the conversation and inspire collaboration and contribution. Join us as we discuss how to create a software design pattern stack, test it, and redesign it to evolve a repeatable, usable framework for software security.
We will walk through version zero of our cloud-based, micro-service architecture as a straw-man example of this concept of evolving software security as a discipline of engineering and science, rather than as guesswork to be created under deadline pressure. The (old) pattern is dead, long live the (new) pattern!

Speaker:
Joe Gerber has over a decade of app sec experience, and came up through the ranks as a software engineer, software designer and architect. He is passionate about creating software design patterns that can improve how software works. He was first inspired to get into security full time at a Denver SnowFROC conference years ago, and is grateful to OWASP for the ongoing inspiration.

OWASP Boulder Chapter
Attackerspace @ Aerstone
1369 Forest Park Circle, #104 · Lafayette, CO