Security for API/Microservice Architectures

Many organisations are changing their architectural approach to software. API-based and microservice architectures provide mechanisms for fast iteration and functionality deployment without the fragility and coupling that come from working on older, complex monoliths.

While the benefits of these changes are clear, the implementation details can present a range of security challenges.

This 2-day course will examine some of the specific security considerations that need to be addressed when moving from monolith to microservice, how to address them, and the challenges you might encounter on the way.


This course is an Extension level course. All students are required to have a base level of security knowledge and may have attended an appropriate Foundation level course such as Security for Software Developers.

In addition, it is highly recommended that all students have basic practical experience with developing API or micro-service based systems.



This course builds upon basic application security principles and links them to the architectural features of API/micro-service systems.

Topics include:

  1. Service decomposition and coupling

  2. Risk in distributed architectures

  3. Use of third-party components and services

  4. Authentication and authorization

  5. Vulnerability management

  6. API consumption models vs. threats

  7. Using API gateways securely

  8. Logging and monitoring

This course is designed to be hands-on and interactive. Lecture material is combined with a range of custom-built labs to test students and let them experiment with the vulnerabilities in action.


2 days (08:30 - 16:30)




Software Developers

Price per person

$1200 (excluding GST)