REST API Hardening
AUD 940 (informational)
Responsible mentor
Harriet Voss
Backend mentor; prefers boring crypto choices.
Outcomes
- Ship an idempotent POST with tests
- Produce an auth decision memo (one page max)
- Run a 20-minute threat sketch on your capstone API
Description
You implement middleware stacks, trace request IDs, and run a tabletop security conversation with scripted prompts.
Inside the track
- JWT vs session trade-off lab
- Idempotency for write endpoints
- Rate limit tuning with graphs
- OWASP API top risks walkthrough
- Structured error payloads workshop
- Partner integration mock with awkward retries
Reviews
Idempotency module in REST API Hardening saved our webhook retries from duplicate charges.
FAQ
Conceptual; we do not run live pentests inside the cohort.
Examples in Node; patterns apply elsewhere.
Hardware security modules and bespoke banking stacks.