Day 46 of #100DayOfCode — Security (Rate limiting CORS Helmet)

via Dev.to Webdev, M Saad Ahmad

Backend security isn’t optional; it is the foundation of any reliable application. No matter how good your features are, a vulnerable backend can expose sensitive data, allow abuse, or even bring your entire system down. This is exactly why we use rate limiting to prevent abuse, CORS to control access, and Helmet to secure our application at the protocol level.

For day 46, the goal was to understand what rate limiting, CORS, and Helmet are and why they are used.

What is Rate Limiting?

Rate limiting restricts how many requests a client can make to your server within a specific time window.

Why it matters

It protects your API from:

- Brute-force attacks
- DDoS attempts
- API abuse

Example (Express.js)

```javascript
import express from "express";
import rateLimit from "express-rate-limit";

const app = express();

// One limiter instance shared by every route.
const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // limit each IP
  message: "Too many requests, please try again later."
});

// Apply the limiter globally, before any route handlers.
app.use(limiter);

app.ge
```
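What a limiter configured like the one above does on each request, shown as an added example that is not part of the original article and is not express-rate-limit's own code: a fixed-window counter keyed by client IP, exercised with constructed requests and a fake clock. The names `createFixedWindowLimiter` and `simulate`, the option shape, and the sample IPs are assumptions made for illustration.

```javascript
// Fixed-window rate limiter with an Express-style (req, res, next) signature.
// createFixedWindowLimiter and its options are hypothetical names for this example.
function createFixedWindowLimiter({ windowMs, max, message, now = Date.now }) {
  const hits = new Map(); // client key -> { count, resetAt }

  return function limiter(req, res, next) {
    const key = req.ip; // one counter per client IP
    const t = now();
    let entry = hits.get(key);

    // First request from this client, or its window has expired: start fresh.
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;

    if (entry.count > max) {
      // Over the limit: reject and tell the client how many seconds to wait.
      res.setHeader("Retry-After", String(Math.ceil((entry.resetAt - t) / 1000)));
      res.statusCode = 429;
      res.end(message);
      return;
    }
    next();
  };
}

// Constructed demo: fake req/res objects and a controllable clock, no server needed.
// `requests` is a list of { ip, at } where `at` is milliseconds on the fake clock.
function simulate(requests, { windowMs, max }) {
  let clock = 0;
  const limiter = createFixedWindowLimiter({
    windowMs,
    max,
    message: "Too many requests, please try again later.",
    now: () => clock,
  });
  return requests.map(({ ip, at }) => {
    clock = at;
    const res = { statusCode: 200, headers: {}, setHeader(k, v) { this.headers[k] = v; }, end() {} };
    limiter({ ip }, res, () => {});
    return { status: res.statusCode, retryAfter: res.headers["Retry-After"] };
  });
}
```

The in-memory map here is never pruned and is local to one process, so it only illustrates the counting logic. Behind a reverse proxy, `req.ip` is the proxy's address unless Express's `trust proxy` setting is configured, in which case every client would share a single counter.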

Continue reading on Dev.to Webdev
