Additional AuthZ Checks with Infrastructure Components

Authorisation checks in applications are an essential part of the implemented use cases. These checks are usually performed directly in the source code, mostly with the help of so-called cross-functional utilities. If a bug in these control routines allows the checks to be bypassed, an attacker can gain unfiltered access to private data.

This session will show how authorisation checks can also be enforced by the infrastructure. After discussing why these additional checks are recommended (e.g. defence in depth), possible examples with infrastructure components will be shown. Concrete examples of ingress controllers such as Traefik or the Istio Ingress Gateway will be used to show how these options can be implemented. A concluding cost-benefit comparison will make it easier to assess when these additional checks are worth deploying.
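As an added illustration (not part of the session abstract or any project's own configuration): an Istio RequestAuthentication plus AuthorizationPolicy applied to the Istio Ingress Gateway, which validates incoming JWTs and only lets requests carrying an `admin` role claim reach `/admin/*`. If the application's own check is bypassed by a bug, the gateway still rejects the request. The namespace, issuer, JWKS URL, the `/admin` path prefix and the `role` claim name are assumed placeholder values.

```yaml
# Added example; issuer, jwksUri, path prefix and claim name are assumed placeholders.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: jwt-at-ingress
  namespace: istio-system
spec:
  selector:
    matchLabels:
      istio: ingressgateway          # applies to the Istio Ingress Gateway pods
  jwtRules:
  - issuer: "https://issuer.example.invalid"
    jwksUri: "https://issuer.example.invalid/.well-known/jwks.json"
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: admin-paths-require-admin-role
  namespace: istio-system
spec:
  selector:
    matchLabels:
      istio: ingressgateway
  action: ALLOW
  rules:
  # Rule 1: /admin/* is only allowed with a validated JWT whose "role" claim is "admin".
  - to:
    - operation:
        paths: ["/admin/*"]
    from:
    - source:
        requestPrincipals: ["*"]      # a validated JWT must be present
    when:
    - key: request.auth.claims[role]
      values: ["admin"]
  # Rule 2: every other path is passed through to the application's own checks.
  - to:
    - operation:
        notPaths: ["/admin/*"]
```

Because an ALLOW policy that selects the gateway denies every request that matches none of its rules, a request to `/admin/...` without a valid JWT carrying the `admin` claim is rejected at the gateway with 403 before it reaches the service.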

DevOpsCon: Additional AuthZ Checks with Infrastructure Components
