Four-Project Series

Secure File-Sharing APIs with AWS S3

prerequisites: basics of Java and Spring Boot • basics of AWS S3
skills learned: harden file-sharing services • JSON Web Token (JWT) authentication • decentralized authorization • validate digital signatures • malware analysis • security testing
author: Sashank Dara
4 weeks · 6-8 hours per week average · BEGINNER

ShareSafe’s mission is to provide online file-sharing-as-a-service and, as its developer, your mission is to build that service with robust security that will keep ShareSafe’s customers coming back. Using Java Spring Boot, you’ll build a simple file transfer REST API service that supports uploading and downloading of files, and you’ll identify and tackle file-upload vulnerabilities. You’ll add security by implementing a user-authentication layer using JSON Web Tokens (JWTs) and leveraging macaroons (cryptographic cookies) for secure file sharing.

To boost security, you’ll add file integrity checks and logging of all user and file activities. Then, you’ll take your REST API service’s security up a level by configuring AWS S3 to enable malware analysis, and implementing VirusTotal, a service that provides dynamic and behavioral analysis of shared files. When you’re done with these liveProjects, you’ll have built a file-sharing REST API with high availability, durability, and security, and ShareSafe’s customers will enjoy a secure file-sharing experience.

These projects are designed for learning purposes and are not complete, production-ready applications or solutions.

It’s an interesting project building an interesting tool.

Richard Vaughan, CTO, Purple Monkey Collective

here's what's included

Project 1 Harden File Transferring

You’re a developer for ShareSafe, a company whose customers can upload personal documents, photos, and videos onto ShareSafe’s website using APIs. Your task is to enable ShareSafe’s users to share their files with others. Using Java Spring Boot, you’ll build a simple file transfer REST API service that supports uploading and downloading of files, and you’ll identify and tackle the file upload vulnerabilities of your REST API service. For backend file storage, you’ll implement Amazon Simple Storage Service (AWS S3). Finally, you’ll harden your service against the most common vulnerabilities by configuring and implementing AWS S3 encryption and access-management features. When you’re finished, you’ll have built a file transfer service that provides high scalability, durability, encryption, and backups, and allows your users to share their files with ease.

Project 2 Shareable File URLs

Help ShareSafe’s customers share with confidence. You’re a developer for a company that provides online file-sharing-as-a-service. Its users can upload and share personal documents, photos, and videos onto ShareSafe’s website using APIs. Your task is to add security to ShareSafe’s file-transfer REST API service. You’ll implement a user-authentication layer using JSON Web Tokens (JWTs), provide authorization for shareable URLs by establishing the relationship between users and files, and leverage macaroons (cryptographic cookies) to provide a secure way for users to share files.

Project 3 File Integrity Monitoring

Give ShareSafe’s online file-sharing service a security boost. You’re a developer for a company whose customers can upload and share personal documents, photos, and videos onto its website using APIs. Your task is to enhance the security of ShareSafe’s file transfer REST API service by adding file integrity checks. Using JSON Web Tokens (JWTs), you’ll implement basic key generation, signing, and validation of data. You’ll refactor the API with the ability to validate digital signatures, and you’ll make identifying suspicious requests easier (and satisfy compliance requirements) by adding logging of all user and file activities.

Project 4 Malware Analysis

Build a better defense! As a developer at ShareSafe, a company that provides online file-sharing-as-a-service, your task is to uplevel the security of its REST API file-transfer service by adding functionality for checking uploaded files for malware. You’ll set up a robust infrastructure for malware analysis of files stored in AWS S3 buckets, integrate the infrastructure with the REST API service, and implement VirusTotal, a threat intelligence service that provides dynamic and behavioral analysis of shared files. When you’re finished, you’ll have built a solid line of defense against known malware and provided users with a secure file-sharing experience.

book resources

When you start each of the projects in this series, you'll get full access to the following book for 90 days.

project author

Sashank Dara

Sashank Dara received his PhD in cybersecurity from IIIT-Bangalore in the area of applied cryptography and threat intelligence. He’s an expert cybersecurity technologist with more than 17 years of experience in the field, including as a consultant advisor for Manipal Global Education Services’ cybersecurity programs and as a security technology and strategy advisor for security startups including Appknox, Haltdos, and SecurityJourney.com. He remains a trusted information security consultant and advisor for top companies in EdTech, IT/ITes, academia, and real estate. He’s the co-inventor of 5 U.S. patents (and 3 IETF drafts) in the areas of cloud, SDN, and NFV security, and he’s published more than a dozen research papers at IEEE, LNCS conferences in the areas of cloud security, privacy, cryptography, and threat intelligence. A prolific speaker at security conferences and invited talks, Dara is currently the CTO and co-founder of Seconize, an award-winning cybersecurity startup pioneering a cyber risk and compliance management SaaS product suite.

Prerequisites

These liveProjects are for programmers familiar with basic REST APIs and Java who are interested in learning to build a simple and secure file-sharing API service. To begin these liveProjects you’ll need to be familiar with the following:

TOOLS
  • Basics of Java
  • Basics of Spring
  • Basics of JDBC
  • Basics of AWS S3 file sharing
  • Testing APIs via Postman
  • Basics of Ubuntu as host system
  • Basics of Docker
  • Basics of Git
TECHNIQUES
  • Basic debugging
  • Code reviews
  • Code refactoring
  • Unit testing
  • Security testing
  • AWS service configurations

you will learn

In this liveProject series, you’ll learn to build and secure a simple file-sharing service, using secure coding and testing practices.

  • Understand the shared responsibility model of cloud security
  • Understand the ShareSafe API specified in OpenAPI Specification 3.0 using Swagger
  • Set up the environment to implement the API specification provided using Java Spring
  • AWS S3 Java SDK and APIs
  • Implement basic file-sharing REST API service
  • Implement the JWT-based HTTP authentication with username and password
  • Implement file sharing with shareable URLs
  • Authorize file download requests based on permissions granted
  • Test the functionality of the reference API implementation using Postman
  • Access control testing
  • Malware analysis on the files being uploaded
  • Log all requests for auditing purposes using standard formats

features

  • Self-paced: You choose the schedule and decide how much time to invest as you build your project.
  • Project roadmap: Each project is divided into several achievable steps.
  • Get help: While within the liveProject platform, get help from other participants and our expert mentors.
  • Compare with others: For each step, compare your deliverable to the solutions by the author and other participants.
  • Book resources: Get full access to select books for 90 days. Permanent access to excerpts from Manning products is also included, as well as references to other resources.