Your organizations information is at risk. Learn how to protect it at SANS Minneapolis - August 12-17.


To attend this webcast, login to your SANS Account or create your Account.

Hardening Microservices Security: Building a Layered Defense Strategy

  • Wednesday, September 21st, 2016 at 1:00 PM EDT (17:00:00 UTC)
  • Dave Hoelzer and Matthew Silverlock
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • CloudFlare

You can now attend the webcast using your mobile device!


Microservices architecture is forcing developers to not only rethink how they design and develop applications, but also common security assumptions and practices.

With the decomposition of traditional applications, each microservice instance represents a unique network endpoint, creating a distributed attack surface that is no longer limited to a few isolated servers or IP addresses.

In this webinar we will discuss:

  • How microservices differ from SOA or monolithic architectures
  • Best practices for adopting and deploying secure microservices for production use
  • Avoiding continuous delivery of new vulnerabilities
  • Limiting attack vectors on a growing number of API endpoints
  • Protecting Internet-facing services from resource exhaustion

Speaker Bios

David Hoelzer

David Hoelzer is a SANS fellow instructor, courseware author and dean of faculty for the SANS Technology Institute. In addition to bringing the GIAC Security Expert certification to life, he has held practically every IT and security role during his career. David is a research fellow in the Center for Cybermedia Research, the Identity Theft and Financial Fraud Research Operations Center (ITFF/ROC), and the Internet Forensics Lab. Currently, David serves as the principal examiner and director of research for a New York/Las Vegas-based incident response and forensics company and is the chief information security officer for an open source security software solution provider.

Matthew Silverlock

Matt Silverlock is a Solutions Engineer at CloudFlare, working with customers large-and-small to help secure their websites. He's also an active contributor to a handful of open-source projects that relate to securing REST APIs (and therefore, micro-services) and web services, and making it as easy as possible to do so. Prior to CloudFlare, Matt was a Telecoms Engineer working in the SCADA and radio communications industry.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.