Enhancing microservices’ security and mitigating risks associated with SSRF attacks
Overview
Industry: Telecom
Location: Poland
Technology Used
Java
JSON Web Token
Kubernetes
Spring Boot
Client background
A major telecommunications operator in Poland that serves a diverse customer base with a wide array of services. The company struggled with its existing authentication and authorization solution, which did not provide the level of security its distributed architecture required.
Project overview
The operator was particularly concerned about unsecured communications: data exchanged between microservices could be intercepted by unauthorized parties. A second exposure was Server-Side Request Forgery (SSRF), in which an attacker induces a service to issue requests on their behalf and thereby reaches internal resources that are never exposed directly. Software Mind, in collaboration with the client, developed and delivered a solution based on OAuth 2.0 and JWT (JSON Web Token) authentication. It integrates with the client's existing frameworks (Spring, Spring Boot, Micronaut and Quarkus), so no additional components were needed, and provides the authentication and authorization layer as a declaratively configured access matrix. The solution mitigated the SSRF risk by closing the gaps an attacker would have relied on: service invocation without IP restrictions, microservices that did not enforce authentication, internal port scanning of services (which the solution detects and contains), and the use of alternative URL schemes such as file:// to download files from the server.
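The SSRF controls listed above (restricting which addresses a service may call, and refusing alternative URL schemes) come down to validating every outbound request target before the HTTP client touches it. The class below is an added illustration written for this page, not code from the client's project or from Software Mind's solution, and it uses only the JDK so it runs without Spring. The sample targets in main are constructed; the hostname www.example.com is a placeholder that is allowed only if it resolves to a public address. The decision is made on the resolved addresses, not on the hostname string, so a DNS name that points at 127.0.0.1, an RFC 1918 range, or the 169.254.169.254 metadata endpoint is rejected just like the literal.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.List;
import java.util.Set;

/** Policy check applied to an outbound request target before a service fetches it (added example). */
public final class OutboundUrlPolicy {

    // Assumed policy for this example: plain web fetches on the standard ports only.
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");
    private static final Set<Integer> ALLOWED_PORTS = Set.of(80, 443);

    /** Outcome of the check; pinnedAddresses is what the caller should connect to when allowed. */
    public record Decision(boolean allowed, String reason, List<InetAddress> pinnedAddresses) {}

    public static Decision check(String raw) {
        URI uri;
        try {
            uri = new URI(raw).normalize();
        } catch (URISyntaxException e) {
            return new Decision(false, "unparseable URI", List.of());
        }
        // 1. Scheme allow-list: blocks file://, gopher://, ftp://, jar:// and friends.
        String scheme = uri.getScheme();
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase())) {
            return new Decision(false, "scheme not allowed: " + scheme, List.of());
        }
        // 2. No credentials in the URL; "http://trusted@evil/" style confusion is a classic SSRF bypass.
        if (uri.getRawUserInfo() != null) {
            return new Decision(false, "userinfo in URL not allowed", List.of());
        }
        // 3. java.net.URI only sets host for a syntactically valid hostname or IP literal.
        String host = uri.getHost();
        if (host == null || host.isEmpty()) {
            return new Decision(false, "missing or malformed host", List.of());
        }
        // 4. Port allow-list stops the service being used to port-scan internal hosts.
        int port = uri.getPort() == -1 ? ("https".equalsIgnoreCase(scheme) ? 443 : 80) : uri.getPort();
        if (!ALLOWED_PORTS.contains(port)) {
            return new Decision(false, "port not allowed: " + port, List.of());
        }
        // 5. Resolve now and judge every returned address; the caller connects to these
        //    pinned addresses instead of resolving again (DNS rebinding defence).
        InetAddress[] resolved;
        try {
            resolved = InetAddress.getAllByName(host);
        } catch (UnknownHostException e) {
            return new Decision(false, "host does not resolve", List.of());
        }
        for (InetAddress a : resolved) {
            if (isInternal(a)) {
                return new Decision(false, "host resolves to internal address " + a.getHostAddress(), List.of());
            }
        }
        return new Decision(true, "ok", List.of(resolved));
    }

    /** Loopback, link-local (incl. 169.254.169.254), RFC 1918, CGNAT, unspecified, multicast, IPv6 ULA. */
    static boolean isInternal(InetAddress a) {
        if (a.isLoopbackAddress() || a.isLinkLocalAddress() || a.isSiteLocalAddress()
                || a.isAnyLocalAddress() || a.isMulticastAddress()) {
            return true;
        }
        byte[] b = a.getAddress();
        if (b.length == 4) {
            // 100.64.0.0/10 (shared address space) is not covered by isSiteLocalAddress().
            int first = b[0] & 0xff, second = b[1] & 0xff;
            return first == 100 && second >= 64 && second <= 127;
        }
        // IPv6 unique local addresses fc00::/7 are not covered by isSiteLocalAddress() either.
        return (b[0] & 0xfe) == 0xfc;
    }

    public static void main(String[] args) {
        // Constructed sample targets; the first is a placeholder public hostname.
        String[] samples = {
            "https://www.example.com/status",              // allowed only if it resolves to a public address
            "file:///etc/passwd",                          // scheme: file
            "gopher://127.0.0.1:6379/_FLUSHALL",           // scheme: gopher
            "http://169.254.169.254/latest/meta-data/",    // link-local cloud metadata endpoint
            "http://10.0.0.5:8080/actuator/env",           // non-allowed port (and RFC 1918 host)
            "http://[::1]/admin",                          // IPv6 loopback literal
            "http://user:pw@www.example.com/",             // userinfo present
        };
        for (String s : samples) {
            Decision d = check(s);
            System.out.printf("%-46s -> %s (%s)%n", s, d.allowed() ? "ALLOW" : "DENY", d.reason());
        }
    }
}
```

Two caveats a practitioner should keep in mind when wiring this into an HTTP client: the client must not follow redirects on its own (a 302 to http://127.0.0.1/ would bypass the check), so each redirect target goes back through check; and the check must run at the point of connection, with the pinned addresses, rather than once at input time, otherwise a short-TTL DNS record can change between validation and connect.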
Results
Improved security: mitigating the risks associated with SSRF attacks on the microservices ecosystem
Seamless integration: developing a solution that integrates with the client's existing frameworks
Enhanced scalability: supporting the implementation of microservices without compromising security
Simplified management: streamlining configuration and ongoing maintenance of access control policies