The article examines the security of microservice architectures in the context of common vulnerabilities that arise in distributed systems. The authors analyze the essence of the microservice approach, which, despite its advantages in scalability and flexibility, introduces new challenges in the field of cybersecurity. The main focus is on issues of access management, network configuration, and data protection during transmission between services, which can create additional attack vectors. Empirical studies in recent years indicate that about one-fifth of Kubernetes manifests contain at least one critical configuration error, while over 90% of container images have known vulnerabilities, significantly expanding the attack surface.
The article provides a systematic review of scientific research, detailing the advantages and disadvantages of microservice systems, and identifies key recommendations for ensuring security. Special attention is given to modern vulnerability detection technologies, including static and dynamic analysis methods, as well as approaches to monitoring containerized environments.
The authors also examine threat analysis methodologies, including traditional approaches and modern models for simulating potential attacks, which help identify system weaknesses and assess risks. The results of the study highlight the need for a comprehensive security approach that integrates effective authentication mechanisms, careful network configuration review, and continuous monitoring using advanced threat analysis technologies.
Thus, the article outlines the current state of security issues in microservice architectures, summarizes the obtained findings, and formulates recommendations for further research and the enhancement of protection measures in the face of growing cyber threats.