Securing Cloud Native Apps

A no-fluff guide to implementing best practices for securing cloud native services.

This book teaches you best practices for building a scaled cloud native security program, with a focus on microservices security. You'll be guided through every step of developing and deploying security infrastructure in a cloud native software development environment, using modern, cutting-edge security tenets. In later chapters, you'll put all of these skills together in a case study from the author's first-hand experience as engineers and technical managers. This vendor-agnostic book relies on open source software and in-house tools you can scale up or down for your own organization's requirements.

Along the way, you'll learn to:

• Perform threat monitoring to understand the security properties and risks of cloud native environments
  
• Implement secure authorization and authentication with cloud native patterns
  
• Use runtime monitoring to catch and stop attacks
  
• Implement secrets management and build secure network and services meshes
  
• Think like a security engineer at scale to effectively plan secure designs
  

Each chapter provides step-by-step explanations of vital concepts, practical examples, common security mistakes, and quizzes to test your knowledge. Whether you're a one-person security team or part of a larger organization, this book equips you with the skills to build a scaled cloud native security program.

一本實用指南，教你如何實施保護雲原生服務的最佳實踐。

本書教授你建立規模化雲原生安全計劃的最佳實踐，尤其關注微服務安全。你將被引導完成在雲原生軟體開發環境中開發和部署安全基礎設施的每一個步驟，並使用現代、尖端的安全原則。在後面的章節中，你將通過作者作為工程師和技術經理的第一手經驗，將所有這些技能應用於一個案例研究中。這本與供應商無關的書籍依賴於開源軟體和內部工具，你可以根據自己組織的需求進行擴展或縮減。

在學習的過程中，你將學會：
- 進行威脅監控，了解雲原生環境的安全特性和風險
- 使用雲原生模式實施安全授權和身份驗證
- 使用運行時監控來檢測和阻止攻擊
- 實施密鑰管理，構建安全的網絡和服務網格
- 以規模化的方式思考安全工程，有效規劃安全設計

每一章都提供了關鍵概念的逐步解釋、實際示例、常見的安全錯誤以及測驗來測試你的知識。無論你是一個獨立的安全團隊還是屬於一個大型組織，本書都將使你具備建立規模化雲原生安全計劃的技能。

Nick Reva is a security engineer, author, teacher and builder that loves growing and leading security engineering teams for the world's most ambitious engineering organizations. Over the last 10 years, Reva has led security engineering teams to build highly scalable security and services and defenses in cloud native environments at Snapchat and previously SpaceX. Reva has a Masters degree in Security Engineering and advises several companies including HackerOne, Arkose Labs and DeepFence. In 2021, he authored a Microservices Security course with Udacity that has been enjoyed by over 2,000 students.

Shrikant Pandhare is an engineering manager, leading infrastructure security at Snap, Inc. He is passionate about cloud security monitoring, cross-cloud access patterns, Kubernetes security, and securing a cloud fleet at scale. Previously, Pandhare led security initiatives at Splunk. He has also helped to secure middleware applications and build the cloud identity service at Oracle.

Michael Anderson is a security engineer and one of the founding members of the production security team at Snapchat. Anderson has presented at several national conferences, including DEFCON. He also started the Kubernetes Security team at Snapchat, leading the security effort on new infrastructure models.

Nick Reva 是一位安全工程師、作家、教師和建設者，熱愛為全球最具野心的工程組織培養和領導安全工程團隊。在過去的10年中，Reva帶領安全工程團隊在Snapchat和之前的SpaceX建立了高度可擴展的安全服務和防禦措施，並在雲原生環境中進行了部署。Reva擁有安全工程碩士學位，並為HackerOne、Arkose Labs和DeepFence等多家公司提供諮詢服務。在2021年，他與Udacity合作編寫了一門微服務安全課程，已經受到2000多名學生的喜愛。

Shrikant Pandhare 是Snap, Inc.的基礎設施安全工程經理，負責領導基礎設施安全工作。他對雲安全監控、跨雲訪問模式、Kubernetes安全以及大規模保護雲端資源非常熱衷。在此之前，Pandhare曾在Splunk領導安全項目，並協助保護Oracle的中間件應用程序和構建雲身份服務。

Michael Anderson 是一位安全工程師，也是Snapchat生產安全團隊的創始成員之一。Anderson曾在多個國家級會議上發表演講，包括DEFCON。他還在Snapchat創建了Kubernetes安全團隊，領導了新基礎設施模型的安全工作。