Module 16
Securing systems end-to-end: authentication, authorization, rate limiting, encryption, DDoS protection, and zero trust architecture.
OAuth2 grant types, JWT structure and validation, access tokens vs refresh tokens, token storage, and common security pitfalls.
Role-Based Access Control vs Attribute-Based Access Control: design trade-offs, policy engines, permission hierarchies, and multi-tenancy.
Rate limiting algorithms in depth: token bucket, leaky bucket, fixed window, sliding window log, and sliding window counter. Distributed rate limiting across multiple servers.
Using API gateways as security perimeters: authentication, authorization, request validation, IP whitelisting, and WAF integration.
TLS handshake, certificate management, encryption at rest vs in transit, key management services, and envelope encryption patterns.
Types of DDoS attacks and mitigation strategies: rate limiting, CDN absorption, anycast routing, auto-scaling, and WAF rules.
Never trust, always verify: zero trust principles, microsegmentation, service identity, mutual TLS, and implementing zero trust incrementally.