Solution Overview

As the tech industry make a shift from monolithic apps to microservices, two aspects of app delivery are very important: the speed with which the services are delivered and the security of the services. While microservices can be more secure, the architecture can create new attack vectors, as what were once internal API calls for monolith – and are now delivered across the network, and sometimes across the internet, to other services.

Since microservices are running via HTTP, the security concerns of traditional application security translate directly to microservices. Data injection attacks, cross-site scripting, privilege escalation and command execution are still relevant. Additionally, if the microservices don't have sufficient monitoring in place or defenses built in, business logic attacks can go undetected.

This lab addresses the security concerns for microservices by introducing NGINX security modules like NGINX Plus ingress container with NGINX App Protect(NAP) and NGINX API Gateway with NAP.

Lab Diagram