We try to break an existing application into microservices, but encounter one security problem after another. It seems that we not only scale the application, but also scale the vulnerabilities with it:
* We publish an interface – how do we ensure authentication?
* We distribute the application to several nodes – how can they communicate securely?
* We use different technologies on frontend and backend – are the components vulnerable?
What are the issues as we go further, and do our solution patterns work? In this talk we go through the different steps, identify the weak spots and discuss solutions.