Securing Serverless Apps, APIs & Microservices

When moving to the cloud, even big enterprises still make mistakes by not having the needed security in place right from the start.

This can lead to severe security breaches and loss of your customers' data. Don't let that happen to you!

By learning and applying current security best practices you'll make an important step towards public-cloud-readiness and a future-proof ""Zero Trust"" architecture.

After the workshop you'll have created a production-ready, secure and GDPR-compliant setup that you can easily build upon and extend.

For that we'll use the Identity Provider Auth0, Azure Functions and the secrets management system Azure Key Vault but the concepts can easily be applied to other vendors' products.

You will learn:

• Fundamentals of modern Authentication & Authorization with OAuth 2 & OpenID Connect
• Secure a serverless API
• Access a secured API from a browser-based (Angular) web application
• Access a secured API from within a microservice
• Apply RBAC (Role Based Access Control)
• Completely automated deployment of App, APIs and Identity Provider configuration using IaC (Infrastructure as Code)

• Installations (current versions)
• • Chrome browser or Brave browser
  • Visual Studio Code
  • Visual Studio Code Extensions
  • • RESTClient
    • Azure (Functions)
  • Node.js, npm
  • Azure Functions Core Tools
  • Auth0 deploy tool
• Accounts
• • Auth0 account (free)
  • • Auth0 extensions
    • • Auth0 Deploy CLI
  • Azure account (free, but credit card needed) you might run into deployment errors if you use your company’s restricted account/subscription
  • Pulumi (free)
• Technical knowledge
• • Very basic programming in TypeScript
  • Basic concepts of the Web, HTTP, JSON, Browsers, Cookies