In this series of liveProjects, you’ll step into the role of a security engineer working for blog aggregator site ReadBytes. Your company takes news, blogs, and articles from across the web and condenses them into one feed for your clients. These aggregated articles can be accessed via a web API. To improve the security of ReadBytes, your challenge in these liveProjects is to both encrypt traffic to your website and limit the number of API requests per user. To do this, you’ll add encryption and rate limiting using the popular open-source web server NGINX.
In this liveProject, you’ll take on the challenge of encrypting web traffic to the ReadBytes news aggregator site. ReadBytes uses a REST API to distribute its content, and you’ll encrypt traffic with the popular open-source web server NGINX. You’ll inspect HTTP traffic, implement HTTPS protocols, and then inspect the HTTPS traffic again.
In this liveProject, you’ll step into the shoes of a security engineer working for news aggregator ReadBytes. Your site uses a REST API to distribute its content, and that API is vulnerable to the ever-increasing risk of attacks like brute forcing and credential stuffing. Your manager wants you to rate limit requests to help secure your API. To do this, you’ll first perform your own brute-force attack, then implement and test a rate limiter.
This liveProject series is for security operations engineers who know the basics of REST APIs. To begin this liveProject, you will need to be familiar with the following:
In these liveProjects, you’ll learn the essentials of encryption and rate limiting for REST APIs.