Event-driven architectures use message brokers (Kafka, RabbitMQ, AWS SQS/SNS) for asynchronous communication between services. Security testing covers: message broker authentication and access control, message encryption in transit and at rest, topic/queue access permissions (can a service consume messages it shouldn't?), message injection and manipulation, dead letter queue exposure, and event replay attacks. In event-driven systems, a compromised message broker can observe or manipulate all inter-service communication.
Technical
Event-Driven Architecture Security: Testing Message Queues, Event Buses, and Stream Processing — 日本企業向けガイド
Event-driven systems use message brokers for asynchronous communication. Security testing for Kafka, RabbitMQ, and event streaming platforms. Guidance for JP market.