Started researching on concrete architectural ways to create the web security awareness application. Received approval from both school/industrial supervisor to go ahead with the project.
Rough sketch of the architecture I currently have in mind
The proposed architecture consists of 3 layers.
- REST API
The Web Server (app tier) is responsible for processing/transforming the data it receives from the client/API.
The API is an end point for the web server to perform CRUD operations on the database.
The database would most likely be a NoSQL DB, most likely MongoDB, or using a managed NoSQL DB from AWS/Azure/Google depending on security needs.
The plan is to be able to dockerize the entire architecture so that I can scale each individual layer separate from each other. The end goal is to be able to launch the entire service using Docker-compose so that the web application can exist on any platform using only 1 configuration file.