I am a technology consultant specializing in Microservices Architecture and Cloud Technologies. I have 18+ years of experience in designing and developing enterprise software.

Technical Skills

  • Software — Microservices, Web-based Applications…

Microservices is an architecture pattern that is realized through a set of patterns and technologies. This article sets the foundation for our series which helps in understanding each of these patterns along with their sample implementations. Our exercise-driven learning series is based on Spring Boot, Spring Cloud, and the related technologies.

Before we jump into the world of Microservices, let's spend some time understanding the fundamentals. As it involves a multitude of technologies, it's easy to lose track. If you think you are already aware of the fundamentals, associated patterns, and frameworks, you can skip it and move to the series directly.

What is Microservices?

The new architecture pattern has been adopted by organizations of almost all sizes, be it small, medium, or large. Organizations have started realizing its value. In spite of such widespread adoption of this pattern, there is unfortunately no consistent definition of Microservices.

One of the early…

In this article, we are going to understand the fundamentals of Centralized Configuration Service based on Spring Cloud Config. We will do the sample implementation based on Spring Boot & Spring Cloud.

Spring Cloud Config is one of the Spring Cloud Projects. This is directly mapped to one of the important patterns of Microservice Architecture — Centralized Configuration Service. This provides the means to centralize and manage the externalized configurations across different applications/services in a distributed system.

We will walk through this topic in the following steps

I have also published a video on this topic. Do check it out, especially if you are not into reading much :)

Understanding Traditional Configuration Options and Challenges

Configurations increase the flexibility of our applications (services). We…

In this article, we will try to understand the fundamentals of Spring Cloud Gateway which represents one of the most important patterns in the Microservices Architecture — API Gateway. We will create sample implementations based on Spring Boot & Spring Cloud Gateway. This is the fifth part of our Spring Boot Microservices series.

API Gateway

Spring Cloud Gateway provides a library to build an API Gateway. This is the preferred gateway implementation provided by Spring Cloud. It's built with Spring 5, Spring Boot 2, and Project Reactor.

To understand the offerings of Spring Cloud Gateway, we must understand the API Gateway pattern in detail. Let's assume we are implementing the microservices architecture for our e-commerce system. One of the microservices in the system is the Product Catalog Service, which is responsible for managing the product lifecycle through create, update, delete, and get operations. Let's go through some common scenarios we might come across —

Scenario 1 — Multiple Versions of Service

In this article, we will learn the fundamentals of one of the must-have patterns in the Microservices world — Circuit Breaker. We will do the sample implementation based on Spring Boot, Spring Cloud & Resilience4j. This is the sixth part of our Spring Boot Microservices series.

What is Circuit Breaker?

As the name suggests, the pattern derives its inspiration from electrical switches, which are designed to protect an electrical circuit from damage caused by excess current from an overload.

When a particular microservice or resource is not responding, this pattern helps in registering the fault, switching off the communication, and restoring it when the service is ready to serve requests. This helps the microservice ecosystem in multiple ways —

  1. It handles the service failure and exits gracefully
  2. It helps in reducing the overload on the service, which is already stressed
  3. It stops the spread of failure across…

In this article, I am going to cover three important principles we must keep in mind while modeling microservices.

Microservices Modeling — Fundamental Principles

The very first step in developing microservices is to model them. This helps in defining the scope of the microservices. There is a lot at stake at this first step. Improper modeling can lead to serious disasters in software development.

The process is not trivial, I must say. There are many grey areas indeed! Thankfully we have the fundamental principles, which promise to guide us on this journey. The three magic principles I am going to talk about are —

  1. Single Responsibility
  2. High Cohesion
  3. Loose Coupling

I know the discussion is going to be a bit theoretical. But believe me…

There are at least a dozen threat modeling methodologies in the market. In this article, I am trying to gauge their popularity.

The Methodologies

Here is the list of methodologies I am considering for my assessment —

  1. Attack Tree — This is one of the oldest methodologies which can be applied to a wide set of industries. It's based on conceptual diagrams showing how an asset, or target, might be attacked.
  2. OCTAVE — This approach is driven by operational risk and security practices and not technology. …

In this article, we will develop our first microservice based on the Spring Boot framework and the fundamentals of microservices architecture. This is exercise-driven and segregated into four areas — Design, Development, Test, and Deploy.

As the topic is very wide, I do not intend to distract you with the details. Rather, I am covering the bare minimum on this topic here, just enough for you to start on the journey of Spring Boot Microservices. This is an exercise-driven article and I have segregated it into four areas. Each of these areas is mapped to the phases of the development lifecycle, which we are all accustomed to.

In this article, I am capturing the top ten security threats for microservices based on OWASP — Top Ten. We will look into the definition, example scenarios, and solutions for each of these threats.

Microservices Architecture has changed the way applications are built, developed, tested, deployed, monitored, and secured. We do not have a single entry point to the system now. The monolith is broken into multiple microservices. In this article, we are going to address the top ten security threats for microservices based on OWASP — API Security Top Ten.

Open Web Application Security Project (OWASP) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. OWASP has many projects, web-application security being the most popular. My focus lies with their…

In this article, we are going to decode one of the OWASP Security Threats — “Broken Authentication”, in the context of Microservices Architecture. We will discuss the threat along with the solutions from multiple aspects including OAuth, API gateway, service-to-service communication, etc.

Broken Authentication is the second most severe threat when it comes to OWASP API Security Threats. Microservices Architecture has changed the rules of authentication and authorization to a great extent. We must understand the dynamics, scope, and issues of this threat and address it during our design and development. I am going to cover the topic in four parts —

  1. Authentication Flows — In this section, we will understand the authentication and associated flows. This will help in defining the scope and boundaries of this threat.
  2. Authentication Flows in Microservices — In this section, we will understand how the authentication…

Lal Verma

Technology Evangelist | Microservices Architecture, Cloud Technologies, Enterprise Software
