Architectural Design Patterns Focus: Security Deep Dive

The full-day workshop on Security Architectural Patterns will commence with a comprehensive overview of various kinds of attacks and a discussion of notable historical incidents. Participants will delve into defensive architectural patterns such as the Gateway and Ambassador Patterns, followed by the Shift Left approach, which emphasizes integrating security measures early in development. Practical sessions will cover creating small Docker images to minimize vulnerabilities and managing certificates with Public Key Infrastructure (PKI). The workshop will also explore advanced security mechanisms, including the Valet Key pattern, JSON Web Tokens (JWT), and the practices recommended by the Open Web Application Security Project (OWASP).

As the day progresses, the focus will shift to securing supply chains using Software Bill of Materials (SBOMs), implementing mutual TLS (mTLS), and utilizing Simple Authentication and Security Layer (SASL) protocols. Role-Based Access Control (RBAC) will be examined to restrict system access to authorized users. Essential scanning and monitoring tools will be highlighted to ensure continuous security oversight. The workshop will conclude by reevaluating the notable attacks discussed earlier, analyzing how the security strategies and tools covered throughout the day could have prevented such breaches.

About Daniel Hinojosa

Daniel is a programmer, consultant, instructor, speaker, and recent author. With over 20 years of experience, he does work for private, educational, and government institutions. He is also currently a speaker for No Fluff Just Stuff tour. Daniel loves JVM languages like Java, Groovy, and Scala; but also dabbles with non JVM languages like Haskell, Ruby, Python, LISP, C, C++. He is an avid Pomodoro Technique Practitioner and makes every attempt to learn a new programming language every year. For downtime, he enjoys reading, swimming, Legos, football, and barbecuing.

More About Daniel »