diff --git a/contributions/essay/fseifert/Modern DevSecOps Security - Needed Security Services for MSAs.pdf b/contributions/essay/fseifert/Modern DevSecOps Security - Needed Security Services for MSAs.pdf new file mode 100644 index 0000000000..29565e47e4 Binary files /dev/null and b/contributions/essay/fseifert/Modern DevSecOps Security - Needed Security Services for MSAs.pdf differ diff --git a/contributions/essay/fseifert/README.md b/contributions/essay/fseifert/README.md index b77607dd40..1a29df32f6 100644 --- a/contributions/essay/fseifert/README.md +++ b/contributions/essay/fseifert/README.md 
@@ -1,14 +1,33 @@ -# Essay: Security of Microservices-based Applications (MSAs) -## Security on MSA's Layers Communication, Application and Service Orchestration +# Essay: Modern DevSecOps Security +## Needed Security Services for Security of Microservices-based Applications (MSAs) ### Members Felix Seifert (fseifert@kth.se) GitHub: [felix-seifert](https://github.com/felix-seifert) -### Proposal +### Description -To focus more on the security of microservices-based applications (MSAs) and strengthen the presence of DevSecOps, I want to describe the need of securing three layers of MSAs and ideas on how to implement them: communication, application and service orchestration. +The proposal can be found under the [PR #933](https://github.com/KTH/devops-course/tree/2021/contributions/essay/fseifert). -### Suitability of Topic +I did not describe the implementation details for the required security services. However, a table clearly states which +security services are needed, which security requirement they address and which MSA layer they deal with. -Martin mentioned the suitability of MSAs during the lecture. Furthermore, a [specific GitHub issue](https://github.com/KTH/devops-course/issues/11) mentions it. In addition to the suitability of project works about MSAs, the importance of security is already tremendously big and is an important part of DevSecOps. \ No newline at end of file +I am waiting for feedback from [amarhod](https://github.com/amarhod). + +With this essay, I aim for a distinction. I do not want to assess how good or bad I met the grading criteria. However, +I provide a list of how I think about the different aspects. + +* Format: The essay is in PDF format. +* Title: I changed the initial title to show the relevance for DevOps/DevSecOps. +* Well-structured: The structure of my essay is slightly similar to a research paper where I try to define everything before it is used. 
+* Introduction: I show the relevancy of the topic of MSA security for our course topics. From the stated problems, I derive a research question which the essay then answers. +* Conclusion: At the end of the essay, the research question is answered and it is shown how a DevSecOps engineer can benefit from the results. +* Self-contained: The essay assumes that a computer science Master's student has the knowledge on what the eventual security services are and how they can be implemented. +* Innovative: The essay does not show groundbreaking new ideas on how to implement MSA security. However, the essay clearly summarises which security services have to be implemented. +* Figures: The two figures and the table are simple to understand and do not have any distracting elements. They complement the text and are not superfluous. +* Sound: The essay is proofread and understandable by non-computer scientist. +* References: The 15 references are mostly research papers which where also cited by other research papers. The non-research reference is a well known computer scientist. The number is more than the requested minimum but also shows a clear selection of references. +* Elegant: The essay is built with LaTeX. It does not use a plain standard template and shows a clear association to KTH. +* Relevant: The relevance is explained in the introduction. + +The essay can be found in the file [Modern DevSecOps Security - Needed Security Services for MSAs.pdf](Modern%20DevSecOps%20Security%20-%20Needed%20Security%20Services%20for%20MSAs.pdf).
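Review bot: In the new Description section of README.md, the link labelled "PR #933" targets `https://github.com/KTH/devops-course/tree/2021/contributions/essay/fseifert`, which is the contribution directory on the 2021 branch and not a pull request. Either point the link at the pull request itself or relabel it so the text matches the target, because a reader looking for the proposal will land back on this same folder. A few wording fixes in the added bullets are also worth making before merge: "which where also cited" should be "which were also cited", "understandable by non-computer scientist" should be "non-computer scientists", and "how good or bad I met the grading criteria" reads better as "how well or badly I met the grading criteria". Finally, the "Self-contained" bullet says the essay assumes a computer science Master's student's knowledge, while the "Sound" bullet says it is understandable by non-computer scientists; consider reconciling the two statements.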