Software Development · Advanced · 3 to 5 hours

Secure an App against CSRF and Brute-Force Attacks

Defend a critical API from automated brute-force attacks and cross-site forgery.

The Scenario

Your banking application has two major flaws. First, attackers are brute-forcing the `/login` endpoint with thousands of requests per second, and nothing slows them down. Second, the `/transfer-funds` endpoint is vulnerable to Cross-Site Request Forgery (CSRF) because it authenticates requests solely by the session cookie, which the browser attaches automatically even when the request originates from another site.

The Brief

Design the security architecture to fix both issues. Implement a rate limiter for the login endpoint (for example, a Redis-backed counter) and explain how you would protect the transfer endpoint with anti-CSRF tokens, `SameSite` cookie attributes, or both.
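The following is an added worked example of the rate-limiter part of the brief, not code from the original task or any reference solution. It is framework-agnostic: requests are plain dicts (an assumption standing in for a framework's request object), and `FakeRedis` is a hypothetical in-memory stand-in that implements only `incr`, `expire` and `ttl` with the same signatures as redis-py, so a real `redis.Redis()` client can be dropped in. The limiter keys a fixed-window counter on both the source IP and the target username, so an attacker rotating IPs still hits the per-account cap.

```python
import time


class FakeRedis:
    """Hypothetical in-memory stand-in for redis.Redis so the example runs offline.
    Only INCR, EXPIRE and TTL are implemented, with redis-py's method signatures."""

    def __init__(self, clock=time.time):
        self._data = {}  # key -> [value, expiry_timestamp_or_None]
        self._clock = clock

    def _live(self, key):
        item = self._data.get(key)
        if item is not None and item[1] is not None and self._clock() >= item[1]:
            del self._data[key]  # lazy expiry, like Redis
            return None
        return item

    def incr(self, name, amount=1):
        item = self._live(name)
        if item is None:
            item = self._data[name] = [0, None]
        item[0] += amount
        return item[0]

    def expire(self, name, seconds):
        item = self._live(name)
        if item is None:
            return False
        item[1] = self._clock() + seconds
        return True

    def ttl(self, name):
        item = self._live(name)
        if item is None:
            return -2
        return -1 if item[1] is None else max(0, int(item[1] - self._clock()))


class RateLimiter:
    """Fixed-window counter: one Redis key per (scope, window start)."""

    def __init__(self, client, limit, window_seconds, clock=time.time):
        self.client, self.limit, self.window, self.clock = client, limit, window_seconds, clock

    def check(self, scope):
        """Count one hit for `scope`; return (allowed, retry_after_seconds)."""
        now = int(self.clock())
        window_start = now - (now % self.window)
        key = f"ratelimit:{scope}:{window_start}"
        count = self.client.incr(key)
        if count == 1:
            # First hit in this window: give the key a lifetime slightly longer than
            # the window so it is cleaned up. Because the window start is part of the
            # key, a lost EXPIRE (crash between INCR and EXPIRE) cannot lock a client
            # out forever; the next window simply uses a new key.
            self.client.expire(key, self.window + 5)
        if count > self.limit:
            return False, window_start + self.window - now
        return True, 0


def rate_limited_login(ip_limiter, user_limiter, handler):
    """Middleware for the /login route. Request shape (assumed):
    {"ip": str, "body": {"username": str, "password": str}}."""

    def wrapped(request):
        ip = request.get("ip", "unknown")
        username = str(request.get("body", {}).get("username", "")).strip().lower()
        for limiter, scope in ((ip_limiter, f"ip:{ip}"), (user_limiter, f"user:{username}")):
            allowed, retry_after = limiter.check(scope)
            if not allowed:
                return {"status": 429,
                        "headers": {"Retry-After": str(retry_after)},
                        "body": "Too many login attempts; try again later."}
        return handler(request)

    return wrapped


def demo(clock_start=1_000_000):
    """Drive the middleware with a controllable clock; return the status codes seen."""
    clock = [float(clock_start)]
    tick = lambda: clock[0]
    r = FakeRedis(clock=tick)
    ip_limiter = RateLimiter(r, limit=3, window_seconds=60, clock=tick)
    user_limiter = RateLimiter(r, limit=2, window_seconds=60, clock=tick)
    login = rate_limited_login(ip_limiter, user_limiter, lambda req: {"status": 200, "body": "ok"})
    attempt = {"ip": "203.0.113.7", "body": {"username": "alice", "password": "x"}}  # constructed
    results = [login(attempt)["status"] for _ in range(4)]
    clock[0] += 60  # next window: counters start fresh
    results.append(login(attempt)["status"])
    return results


if __name__ == "__main__":
    print(demo())
```

Two caveats a reviewer would raise: a fixed window lets a client spend two full budgets across a window boundary, so a sliding window (a sorted set per scope, trimmed with `ZREMRANGEBYSCORE`) is the next step if that burst matters; and a `429` on an unknown username must look identical to one on a real username, or the limiter itself becomes an account-enumeration oracle.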

Deliverables

  • A code snippet or pseudo-code showing a Redis-backed rate limiter middleware for the login route
  • An explanation of how an Anti-CSRF token lifecycle works (generation, delivery, validation)
  • A reasoned comparison of `SameSite=Strict` cookies versus traditional CSRF tokens, including the cases each one does not cover
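As an added example covering the second and third deliverables (not part of the original task or any reference solution), the block below walks the synchronizer-token lifecycle for `/transfer-funds`: generation at login, delivery in the page, and constant-time validation on each state-changing request, alongside the `SameSite=Strict` session cookie. The in-memory `sessions` dict and the dict-shaped requests are assumptions standing in for a real session backend and framework.

```python
import hmac
import secrets

# Hypothetical server-side session store: session id -> session data. The CSRF
# token lives here, never in a cookie an attacker's page could make the browser send.
sessions = {}


def create_session(user):
    """Generation: on login mint a fresh session id and a fresh per-session CSRF token.
    Regenerating both at authentication also defeats session fixation."""
    sid = secrets.token_urlsafe(32)
    sessions[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def session_cookie_header(sid):
    """Delivery of the session cookie. SameSite=Strict tells the browser not to attach
    it to any cross-site request, so a forged POST arrives with no session at all."""
    return f"session={sid}; Path=/; HttpOnly; Secure; SameSite=Strict"


def csrf_token_for(sid):
    """Delivery of the token: the server embeds it in the transfer form as a hidden
    field, or in a <meta> tag that page JavaScript copies into an X-CSRF-Token header."""
    return sessions[sid]["csrf_token"]


def validate_csrf(request):
    """Validation: the token in the body or header must match the one bound to the
    session named by the cookie. compare_digest keeps the comparison constant-time."""
    session = sessions.get(request["cookies"].get("session"))
    if session is None:
        return False, "no valid session"
    submitted = request["form"].get("csrf_token") or request["headers"].get("X-CSRF-Token")
    if not submitted:
        return False, "missing CSRF token"
    if not hmac.compare_digest(session["csrf_token"].encode(), str(submitted).encode()):
        return False, "CSRF token mismatch"
    return True, session["user"]


def transfer_funds(request):
    """POST /transfer-funds. Request shape (assumed): method, cookies, headers, form."""
    if request["method"] != "POST":
        return {"status": 405, "body": "state change requires POST"}
    ok, detail = validate_csrf(request)
    if not ok:
        return {"status": 403, "body": detail}
    return {"status": 200,
            "body": f"{detail} sent {request['form']['amount']} to {request['form']['to']}"}


def demo():
    """A legitimate transfer, then the same request as a cross-site forgery would send it."""
    sid = create_session("alice")
    token = csrf_token_for(sid)
    legit = {"method": "POST", "cookies": {"session": sid}, "headers": {},
             "form": {"csrf_token": token, "to": "bob", "amount": "50"}}  # constructed
    # A forged request may carry the cookie (if the browser attached it) but cannot
    # read the token out of alice's page, so it arrives without one.
    forged_with_cookie = {"method": "POST", "cookies": {"session": sid}, "headers": {},
                          "form": {"to": "mallory", "amount": "5000"}}
    # With SameSite=Strict the browser does not even attach the cookie cross-site.
    forged_strict = {"method": "POST", "cookies": {}, "headers": {},
                     "form": {"to": "mallory", "amount": "5000"}}
    return [transfer_funds(r)["status"] for r in (legit, forged_with_cookie, forged_strict)]


if __name__ == "__main__":
    print(demo())
```

For the comparison deliverable: `SameSite=Strict` is cheap and needs no per-form plumbing, but it only governs what the browser sends. It does nothing against a forgery launched from a same-site origin (a compromised subdomain or a subdomain takeover), it depends on every client honouring the attribute, and it logs the user out of any deep link followed from an external site, which is why many applications choose `Lax` and then need the token anyway. The token, in turn, protects nothing if it is ever echoed into a location readable cross-origin. Shipping both is the usual defense-in-depth answer.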

Submission Guidance

This is an advanced architectural security task. You need to understand how the browser attaches session cookies to requests implicitly, including requests triggered by other sites, and how to stop attackers from abusing that.

Submit Your Work

Your submission is graded against the rubric on the right. If you pass, you get a public Badge URL you can share on LinkedIn. There is no draft save, so work offline first and paste your finished response here.
