18 May, 2020 | 3 min read

Five Must-Read Books on Microservices, API Security, and Cloud-Native Technologies

  • Vishva Ahangama
  • Senior Lead Marketing Officer - WSO2

Photo by Suzy Hazelwood from Pexels

This engaging list is not just for IT mavens. It’s for all DevOps engineers, developers, and architects—whatever your level of experience with microservices architectures. Sharpen your skills, glean valuable information in a short amount of time, and discover effective new ways to develop, deploy, and manage modern applications at speed and scale.

Even prior to a post-pandemic reality, a market leap was already underway for cloud technologies amid cost optimization and increased competition. In 2020, Gartner expects the worldwide public cloud services market to grow 17%, up 10% and $266.4 billion YoY. Within this context, microservices architecture—which focuses on elastic scaling with on-demand resources—and a host of related technologies appear poised to lead the tech sector’s push. Enterprises are now rapidly delivering not just the microservices themselves, but the platforms, tools, and frameworks necessary for connecting them seamlessly together. 

If you haven’t already, now is the best time to hone the skills needed for implementing modular software systems, securing your code and infrastructure, and deploying your applications via container-based (and open-source) platforms such as Docker and Kubernetes. Perhaps, this also presents the ideal opportunity to become proficient with a cloud-first programming language and apply these concepts and techniques to your next cloud application developments.

Over the past few years, our resident thought lords have painstakingly created valuable tomes that not only comprehensively explain key architectural principles but also show how they work in real-world scenarios. The books all include hands-on challenges and projects to help you implement what you have learned. 

Let's dive in.

Microservices for the Enterprise

By Kasun Indrasiri and Prabath Siriwardena

Microservices for the Enterprise covers state-of-the-art techniques around microservices messaging, service development and description, service discovery, governance, and data management technologies and guides you through the microservices design process. Also included is the importance of organizing services as core versus atomic, composite versus integration, and API versus edge, and how such organization helps to eliminate the use of a central ESB and expose services through an API gateway.

What you will learn:

  • Design and develop microservices architectures with confidence
  • Put into practice the most modern techniques around messaging technologies 
  • Apply the Service Mesh pattern to overcome inter-service communication challenges
  • Apply battle-tested microservices security patterns to address real-world scenarios
  • Handle API management, decentralized data management, and observability

Who this book is for:

Developers and DevOps engineers responsible for implementing applications around a microservices architecture, and architects and analysts who are designing such systems.

Microservices Security in Action

By Prabath Siriwardena and Nuwan Dias

Microservices Security in Action teaches you how to secure your microservices application’s code and infrastructure. After a straightforward introduction to the challenges of microservices security, you’ll learn fundamentals to secure both the application perimeter and service-to-service communication. Following a hands-on example, you’ll explore how to deploy and secure microservices behind an API gateway as well as how to access microservices accessed by a single-page application (SPA).

What you will learn:

  • Key microservices security fundamentals
  • Securing service-to-service communication with mTLS and JWT
  • Deploying and securing microservices with Docker
  • Using Kubernetes security
  • Securing event-driven microservices
  • Using the Istio Service Mesh
  • Applying access control policies with OPA
  • Microservices security best practices
  • Building a single-page application to talk to microservices
  • Static code analysis, dynamic testing, and automatic security testing

Advanced API Security: OAuth 2.0 and Beyond

By Prabath Siriwardena

Security must be an integral part of any development project. This book shares best practices in designing APIs for better security. API security has evolved since the first edition of this book, and the growth of standards related to API security has been exponential. OAuth 2.0 is the most widely adopted framework that is used as the foundation for these standards. This book shows you how to apply OAuth 2.0 to your own situation in order to secure and protect your enterprise APIs from exploitations and attacks.

What you will learn:

  • Securely design, develop, and deploy enterprise APIs
  • Pick security standards and protocols to match business needs
  • Mitigate security exploits by understanding the OAuth 2.0 threat landscape
  • Federate identities to expand business APIs beyond the corporate firewall
  • Protect microservices at the edge by securing their APIs
  • Develop native mobile applications to access APIs securely
  • Integrate applications with SaaS APIs protected with OAuth 2.0

Who this book is for:

Enterprise security architects who are interested in best practices around designing APIs. The book is also for developers who are building enterprise APIs and integrating with internal and external applications.

gRPC: Up and Running: Building Cloud-Native Applications with Go and Java for Docker and Kubernetes

By Kasun Indrasiri and Danesh Kuruppu

Get a comprehensive understanding of gRPC fundamentals through real-world examples. With this practical guide, you’ll learn how this high-performance interprocess communication protocol is capable of connecting polyglot services in microservices architecture while providing a rich framework for defining service contracts and data types.

Complete with hands-on examples written in Go, Java, Node, and Python, this book also covers the essential techniques and best practices to use gRPC in production systems. 

Beginning Ballerina Programming: From Novice to Professional

By Anjana Fernando and Lakmal Warusawithana

This book shows you that Ballerina is a cutting-edge programming language that incorporates many of the latest technological advancements in programming language theory. You'll learn variables and types, modules and functions, flow control, error handling, concurrency, I/O, cloud/network programming, persistence and data access, security, and more. 

Additionally, Beginning Ballerina Programming introduces many foundation computer science topics along the way and doesn’t assume much prior knowledge. For example, when introducing transport-level security, you will get a brief introduction to public-key cryptography, how it is different from private-key cryptography, and why it is needed. This provides an added bonus for you to learn something new and general in computer science. 

What you will learn:

  • Start programming with Ballerina 
  • Gain the basics of network communication and programming
  • Obtain a solid understanding of services/API development 
  • Effective use of concurrency in programming 
  • Learn the basics of information security and its applications
  • Persistent data storage and access

Who this book is for:

Absolute beginners in computer programming: No prior experience with computer programming is expected. This can also be a reference book for experienced developers in other languages, who want to learn a modern programming language.

How Can We Help?

These great books aside, we offer a number of opportunities to connect with our expertswherever you are in the world. Sign up for our virtual events or get in touch with us here if you’d like to learn more about microservices, API security, enterprise integration, and identity management.