Section outline

  • Collapse Expand

    General

    Collapse all Expand all

    • girl fighting against AI with ninjutsu

    • Ninjutsu – Cybersecurity

      AI is supercharging scams, hacks, and deception — train your teen to fight back with real security skills.
      Ninjutsu wins through stealth, awareness, and control. Cybersecurity is modern ninjutsu: see the attack before it lands, shut the door before it opens, and disappear from easy targets.

      ✅ Start here (free)

      Start at Lesson 1 and move forward. Each lesson is broken into micro‑presentations (short, clear screens — one concept at a time). This makes training realistic even with school and distractions.

      1. Learn: read the micro‑presentations
      2. (Paid) Drill: take the quiz and record your score
      3. Prove: pass the belt exam to rank up

      Ninjutsu rule: stay invisible to easy attacks. Reduce exposure, build discipline, and don’t become a target.

      👨‍👩‍👧 For parents: why this course matters

      AI has scaled cyber threats: phishing, impersonation, password attacks, and automated scanning. This course trains teens to think like defenders: verify reality, recognize threats, reduce exposure, and build safer habits.

      The goal is not “cool hacking.” The goal is defensive discipline: awareness, prevention, safe decision-making, and understanding how attacks unfold so they can be stopped.

      Disclaimer: This course builds skills and discipline. It does not guarantee certifications, jobs, or outcomes.

      🎯 For teens: the mission

      Train like a defender in the shadows: spot traps, read systems, and lock them down. AI can generate confident “answers.” You’ll train what’s true, what’s risky, and what actually protects you.

      • Be hard to fool: resist scams, impersonation, and manipulation
      • Be hard to steal from: protect accounts, devices, and data
      • Be hard to track: reduce your public footprint
      • Earn belts: prove your skills under pressure

      If you like strategy and “seeing the trap before it happens,” send this course to a friend.

      🧠 What your teen will learn
      • Security goals and threat thinking (how breaches unfold)
      • Recon and footprint awareness (what’s exposed and why it matters)
      • Network and service exposure concepts (“doors and windows”)
      • Vulnerability scanning concepts and prioritization (defensive viewpoint)
      • Authentication failures and defensive countermeasures
      • Malware awareness and basic analysis thinking (safe, defender-oriented)
      • Traffic awareness and interception risks (defender view)
      • Social engineering defense habits
      • Web application security fundamentals (common weaknesses + fixes)
      • Wireless/mobile/IoT/cloud risk thinking and hardening essentials
      • Cryptography basics: encryption, hashing, keys, signatures
      🛡️ Ethics & safety rules (important)
      • Defensive course. This dojo trains protection, not harm.
      • No targeting real systems. Only learn on your own accounts/devices or authorized training environments.
      • Permission is the line. “I was curious” is not a defense.
      • Parent involvement encouraged for belt tests and accountability.

      Ninjutsu mindset: control yourself first. Then control your security.

      🥋 How training works (simple + structured)
      • Short training slides (micro‑presentations; one idea per screen)
      • (Paid) Auto‑graded drills/quizzes with retries
      • (Paid) Belt exams to prove progress
      • Moodle tracking: scores, completion, progress history
      • No technical DM support required — progress is designed to be independent

      Learn → drill → test → rank up. That’s the dojo system.

      🥋 Belt map

      Lesson ranges refer to the course training forms.

      • White Belt (Lessons 1–5) — Shadow Code Fundamentals
        Security goals, threat models, risk thinking, incident basics, ethics/laws/safe practice.
      • Yellow Belt (Lessons 6–10) — Leave No Footprints
        Public footprint, OSINT discipline, domain/DNS awareness, web presence clues, identity/email exposure.
      • Orange Belt (Lessons 11–13) — Map the Battlefield
        Network discovery concepts, ports/services as “doors,” and enumeration mindset.
      • Green Belt (Lessons 14–17) — Find Weak Points, Fix First
        Vulnerability scanning concepts, prioritization, authentication failures, post-compromise awareness.
      • Blue Belt (Lessons 18–21) — Read the Wire
        Malware indicators, analysis thinking, traffic awareness, interception/MITM concepts and counter-moves.
      • Brown Belt (Lessons 22–24) — Human Firewall
        Social engineering defense, DoS resilience mindset, session/token risks and countermeasures.
      • Black Belt (Lessons 25–30) — Master of Defense Systems
        Web + API defense concepts, wireless/mobile risks, IoT/OT risks, cloud + crypto essentials.
        Black Belt Test: comprehensive final exam.

      Belts are proof. Parents get visibility. Teens get momentum.

      🏷️ Free vs Dojo Membership (paid)

      Free (Guest Training)

      • Access the free lesson content (training slides / micro‑presentations)
      • See the curriculum + belt map
      • Preview the dojo structure

      Dojo Membership (Paid)

      • Full access to all drills, quizzes, and belt tests
      • Belt tracking and certificates
      • Parent visibility of progress and scores inside Moodle

      Founders / Inauguration Price: $5 per course for 30 days (about the price of a coffee). This is the launch price while the dojo is expanding — as more belts, exams, and courses are added, the price will rise.

      📚 Curriculum / Training Forms (30 lessons)
      1. The Ninja Code — what security protects and how defenders think.
      2. Threat Thinking — attack lifecycle models and defensive mapping.
      3. Risk Management — prioritize what matters.
      4. Incident Readiness — contain, eradicate, recover.
      5. Ethics & Safe Practice — responsible boundaries.
      6. Recon Basics — understanding public footprint exposure.
      7. OSINT Discipline — collect and verify open-source signals.
      8. Domain & DNS Awareness — how names map to systems.
      9. Website/App Fingerprinting Concepts — what stacks reveal.
      10. Email & Identity Footprinting — impersonation awareness.
      11. Network Discovery Concepts — visibility as defense.
      12. Port & Service Exposure — the “doors and windows.”
      13. Enumeration Mindset — when systems leak too much.
      14. Vulnerability Scanning Concepts — how scanners work (defensive view).
      15. Prioritization — severity vs real risk.
      16. Authentication Failures — passwords, tokens, trust.
      17. Post-Compromise Reality — lateral movement and persistence (defender view).
      18. Malware Types & Indicators — what to look for.
      19. Malware Analysis Thinking — static vs dynamic clues (safe, basic).
      20. Traffic Awareness — spotting abnormal patterns.
      21. Interception Concepts — spoofing/MITM risks and defenses.
      22. Social Engineering Defense — phishing and impersonation.
      23. DoS Resilience — staying available under flood.
      24. Sessions & Tokens — how logins get stolen (defender view).
      25. Web App Defense — common weaknesses and fixes.
      26. Input Safety — injection prevention patterns.
      27. API Security — modern front-door controls.
      28. Wireless & Mobile — pocket battlefield hardening.
      29. IoT & OT Risks — devices as doors.
      30. Cloud + Crypto Essentials — identity-first security and encryption basics.

      Disclaimer: This course provides education and training and cannot guarantee a specific job outcome.

      ✅ Belt Test Rules (read before testing)

      Belts are proof of skill. Belts are earned through drills and belt tests.

      Passing score: 80%
      Retries: Unlimited
      Score policy: Best score counts (highest score recorded; retakes cannot lower record)

      Eligibility: completing the required drills unlocks the belt test.

      Question style: fixed quizzes/exams (clear 4‑option multiple choice). This dojo is optimized for speed and consistency of training.

      Optional anti‑spam cooldown (recommended): add a cooldown after failed attempts to reduce rapid guessing and encourage real review.

      Integrity Rules — “You vs AI”

      • No AI tools during belt tests. No chatbots, no auto-answer tools, no “explain this and give me the solution.”
      • No outside help during belt tests (friends, tutors, siblings).
      • Parent presence encouraged during belt tests (nearby / same room) for accountability and safety.

      Notes Policy

      • Drills: open‑notes allowed.
      • Belt tests: closed‑notes or one‑page notes (dojo admin choice).

      Disclaimer: Belts and certificates verify training progress and do not guarantee job outcomes.

  • Collapse Expand

    Lesson 1: The Ninja Code — What Security Protects and How Defenders Think

  • Collapse Expand

    Lesson 2: Threat Thinking — Attack Lifecycle Models and Defensive Mapping

  • Collapse Expand

    Lesson 3: Risk Management — Prioritize What Matters

  • Collapse Expand

    Lesson 4: Incident Readiness — Contain, Eradicate, Recover

  • Collapse Expand

    Lesson 5: Ethics & Safe Practice — Responsible Boundaries

  • Collapse Expand

    Lesson 6: Recon Basics — Understanding Public Footprint Exposure

  • Collapse Expand

    Lesson 7: OSINT Discipline — Collect and Verify Open-Source Signals

  • Collapse Expand

    Lesson 8: Domain & DNS Awareness — How Names Map to Systems

  • Collapse Expand

    Lesson 9: Website/App Fingerprinting Concepts — What Stacks Reveal

  • Collapse Expand

    Lesson 10: Email & Identity Footprinting — Impersonation Awareness

  • Collapse Expand

    Lesson 11: Network Discovery Concepts

    • Micro-topic 11.1: Introduction to Network Scanning

      Micro-topic Goal: Understand what network discovery (scanning) is and why it’s the first active step in ethical hacking.

    • L11 MT11 1 FREE Content SCORM package

    • Micro-topic 11.2: Ping and ARP – Basic Host Discovery Methods

      Micro-topic Goal: Learn how ping and ARP scans help find live hosts, and understand their limitations.

    • L11 MT11 2 FREE Content SCORM package

    • Micro-topic 11.3: Tools for Network Discovery

      Micro-topic Goal: Explore practical tools that automate host discovery (finding live IPs), such as Angry IP Scanner and Nmap’s ping scan.

    • L11 MT11 3 FREE Content SCORM package

    • Micro-topic 11.4: When Ping Fails – Discovering Hosts Through Other Means

      Micro-topic Goal: Learn how to find hosts that don’t respond to ping by using alternate scanning techniques and understand the concept of stealth in discovery.

    • L11 MT11 4 FREE Content SCORM package
  • Collapse Expand

    Lesson 12: Port & Service Exposure — the “doors and windows”

    • Micro-topic 12.1: Understanding Ports and Services

      Micro-topic Goal: Explain what network ports are, how they relate to services running on a system, and use the “doors and windows of a house” analogy to illustrate open vs closed ports.

    • L12 MT12 1 FREE Content SCORM package

    • Micro-topic 12.2: Port Scanning Basics and Types of Scans

      Micro-topic Goal: Understand how port scanning works to detect open ports, and learn about different scan techniques (full connect vs stealth SYN, etc.) and their purpose.

    • L12 MT12 2 FREE Content SCORM package

    • Micro-topic 12.3: Using Nmap and Zenmap for Port Scanning

      Micro-topic Goal: Introduce Nmap as a powerful port scanning tool (and more), demonstrate basic usage, and mention Zenmap as a GUI alternative for ease of use.

    • L12 MT12 3 FREE Content SCORM package

    • Micro-topic 12.4: Interpreting Port Scan Results and Next Steps

      Micro-topic Goal: Interpret port scan results and plan what to do with found information, setting the stage for enumeration in the next lesson.

    • L12 MT12 4 FREE Content SCORM package
  • Collapse Expand

    Lesson 13: Enumeration Mindset — when systems leak too much

    • Micro-topic 13.1: What is Enumeration?

      Micro-topic Goal: Define enumeration in the ethical hacking process and explain how it differs from earlier steps, emphasizing the goal of gathering detailed information from target systems.

    • L13 MT13 1 FREE Content SCORM package

    • Micro-topic 13.2: Enumerating Windows/SMB and Network Shares

      Micro-topic Goal: Show how attackers enumerate Windows network information, like shared folders, NetBIOS names, and user accounts, through SMB/NetBIOS, especially if misconfigured.

    • L13 MT13 2 FREE Content SCORM package

    • Micro-topic 13.3: Enumerating Other Services (SNMP, SMTP, DNS, etc.)

      Micro-topic Goal: Highlight how attackers enumerate information from common network services beyond SMB – including SNMP, SMTP, DNS, and others – by exploiting default settings or standard queries.

    • L13 MT13 3 FREE Content SCORM package

    • Micro-topic 13.4: Web Enumeration – Finding Hidden Web Content

      Micro-topic Goal: Explain how to enumerate information from web servers and websites, such as discovering hidden directories/pages, reading comments or error messages for info, and generally probing a website for more than what’s immediately visible.

    • L13 MT13 4 FREE Content SCORM package
  • Collapse Expand

    Lesson 14: Vulnerability Scanning Concepts

    Lesson Overview: In this lesson, students learn what vulnerability scanning is and why it’s critical to find weaknesses before attackers (or AI-driven threats) do. We break down how scanners work, types of scans, tools used, and how to interpret results. The goal is to empower learners to proactively discover and fix security gaps – a skill highly valued in cybersecurity jobs.

    • Micro-Topic 14.1: What is Vulnerability Scanning?

      (Goal: Define vulnerability scanning and its importance)

    • GB 14 1 Vulnerability Scanning FREE SCORM12 SCORM package

    • Micro-Topic 14.2: How Vulnerability Scanners Work

      (Goal: Understand how scanning tools identify weaknesses)

    • GB 14 2 How Scanners Work FREE SCORM12 SCORM package

    • Micro-Topic 14.3: Types of Vulnerability Scans

      (Goal: Identify different scanning targets and scopes)

    • GB 14 3 Types of Vulnerability Scans FREE SCORM12 SCORM package

    • Micro-Topic 14.4: Common Vulnerability Scanning Tools

      (Goal: Recognize popular scanners and their features)

    • GB 14 4 Common Vulnerability Scanning Tools FREE SCORM12 SCORM package

    • Micro-Topic 14.5: Interpreting Scan Results and Prioritizing Fixes

      (Goal: Learn to read vulnerability scan reports and decide on remediation)

    • GB 14 5 Interpreting Scan Results FREE SCORM12 SCORM package

    • Micro-Topic 14.6: Vulnerability Scanning vs. Penetration Testing

      (Goal: Differentiate finding vulnerabilities from exploiting them)

    • GB 14 6 Scanning vs Pen Testing FREE SCORM12 SCORM package
  • Collapse Expand

    Lesson 15: Prioritization — Severity vs. Real Risk

    Lesson Overview: This lesson teaches how to prioritize fixing vulnerabilities by understanding the difference between a vulnerability’s technical severity and the real-world risk it poses. Students learn about severity scoring systems (like CVSS), and how factors like exploitability, asset value, and threat context influence what to fix first. The tone is motivational: mastering prioritization skills makes you the strategist who allocates security efforts smartly – a big win in the job arena where resources are limited and attacks are automated.

    • Micro-Topic 15.1: Understanding Vulnerability Severity

      (Goal: Learn how severity of a vulnerability is measured, e.g. CVSS scores)

    • GB 15 1 Understanding Vulnerability Severity FREE SCORM12 SCORM package

    • Micro-Topic 15.2: Risk = Likelihood × Impact

      (Goal: Introduce the concept of risk considering both probability of exploit and potential damage)

    • GB 15 2 Risk Likelihood Impact FREE SCORM12 SCORM package

    • Micro-Topic 15.3: Context Matters – Asset Value and Exposure

      (Goal: Show how the environment changes risk level of vulnerabilities)

    • GB 15 3 Context Matters FREE SCORM12 SCORM package

    • Micro-Topic 15.4: Making Fix Decisions – What to Fix First

      (Goal: Provide a strategy for triaging vulnerabilities in practice)

    • GB 15 4 Making Fix Decisions FREE SCORM12 SCORM package
  • Collapse Expand

    Lesson 16: Authentication Failures — Passwords, Tokens, Trust

    Lesson Overview: This lesson dives into common authentication weaknesses – the “front door” failures that let attackers in. Topics include weak passwords and credential attacks, flaws in token-based authentication (like session hijacking), and pitfalls of misplaced trust (like default credentials or lack of verification). The style is urgent and motivational: securing authentication is often the first battle in cybersecurity – if you win here, you keep bad guys (and malicious AI bots) out of your accounts and systems. We emphasize simple language: every technical term like “token” or “2FA” is explained for teens and parents.

    • Micro-Topic 16.1: The Problem with Passwords

      (Goal: Explain why weak or reused passwords are dangerous)

    • GB 16 1 The Problem with Passwords FREE SCORM12 SCORM package

    • Micro-Topic 16.2: Brute Force, Credential Stuffing, and Other Attacks

      (Goal: Understand common methods attackers use to defeat authentication)

    • GB 16 2 Brute Force Credential Stuffing FREE SCORM12 SCORM package

    • Micro-Topic 16.3: Multi-Factor Authentication (MFA) – Tokens and Codes

      (Goal: Explain what MFA is and how it prevents many authentication failures)

    • GB 16 3 MFA Tokens and Codes FREE SCORM12 SCORM package

    • Micro-Topic 16.4: Trust and Authentication – Don’t Trust, Verify

      (Goal: Highlight why blindly trusting certain conditions can lead to auth failures; introduction to “zero trust” mindset)

    • GB 16 4 Trust and Authentication Dont Trust Verify FREE SCORM12 SCORM package
  • Collapse Expand

    Lesson 17: Post-Compromise Reality — Lateral Movement and Persistence (Defender View)

    Lesson Overview: This lesson educates students on what happens after an attacker breaches a system – how they move laterally through the network and establish persistence to maintain access. The focus is on recognizing these behaviors so that defenders (even young aspiring defenders!) know what to look for and fix first when cleaning up after or preparing for an incident. The tone stresses that in the age of fast-moving malware and AI-driven attacks, understanding post-compromise tactics is key to outsmarting them. We frame it from the defender perspective: find and fix the weak points that allow movement and persistence, and thereby contain the damage.

    • Micro-Topic 17.1: After the Breach – Attackers Don’t Stop at One System

      (Goal: Introduce lateral movement concept in simple terms)

    • GB 17 1 After the Breach Lateral Movement FREE SCORM12 SCORM package

    • Micro-Topic 17.2: Persistence – How Attackers Stay In

      (Goal: Explain what persistence is and give examples of persistence mechanisms)

    • GB 17 2 Persistence How Attackers Stay In FREE SCORM12 SCORM package

    • Micro-Topic 17.3: Defender’s Response – Detecting and Stopping Lateral Movement & Persistence

      (Goal: Teach how defenders can catch and remediate these post-compromise activities)

    • GB 17 3 Defenders Response Detecting Stopping Lateral Movement Persistence FREE SCORM12 SCORM package
  • Collapse Expand

    Lesson 18: Malware Types & Indicators – What to Look For

    Lesson Objective: Understand various types of malware and their indicators of compromise. Students learn to identify viruses, worms, Trojans, rootkits, spyware/adware, and ransomware, and recognize common signs of infection. This knowledge builds a foundation to defeat malicious software – including those enhanced by AI – by knowing the enemy’s “weapons.”

  • Collapse Expand

    Lesson 19: Malware Analysis Thinking – Static vs Dynamic Clues (Safe, Basic)

    Lesson Objective: Introduce students to the fundamentals of malware analysis – how to examine malware safely to understand its behavior. The focus is on static analysis (inspecting malware without running it) versus dynamic analysis (running malware in a controlled environment to observe it). Students learn the basic clues each method can reveal and the importance of safe lab practices. This lesson empowers them to “think like malware analysts,” a skill that sets them apart from automated defenses. (Even in an AI-driven world, human analysts who can dissect new malware are invaluable.)

  • Collapse Expand

    Lesson 20: Traffic Awareness – Spotting Abnormal Patterns

    Lesson Objective: Teach students how to be aware of network traffic patterns and identify what “doesn’t fit.” They will learn the difference between normal, benign network behavior and suspicious or malicious traffic. Key concepts include establishing a baseline of normal activity, recognizing signs of scans, breaches, or attacks in network traffic, and an intro to tools and techniques (like sniffers or basic IDS concepts) for monitoring. With AI increasingly used in both cyber defense and attack, a human who can spot subtle anomalies remains crucial – this lesson builds that intuition.

  • Collapse Expand

    Lesson 21: Interception Concepts – Spoofing & MITM (Risks and Defenses)

    Lesson Objective: Introduce students to the concept of network interception attacks, notably spoofing techniques and Man-in-the-Middle (MITM) attacks. They will learn how attackers can eavesdrop or tamper with communications (e.g., via ARP spoofing, DNS spoofing, rogue Wi-Fi) and the associated risks. Equally important, they will learn defenses to prevent or mitigate MITM attacks (encryption, verification, network safeguards). This lesson continues the “ninja” theme: teaching how to both detect and dodge stealthy interception moves in the cyber battlefield.

  • Collapse Expand

    Lesson 22: Social Engineering Defense — Phishing and Impersonation

    • Micro-Topic 22.1: Spot Phishing Lures

      Goal: Learn to recognize and avoid common phishing traps in emails, texts, and messages.

    • MT22 1 Spot Phishing Lures CONTENT SCORM12 SCORM package

    • Micro-Topic 22.2: Outsmart Impersonation Attempts

      Goal: Develop the instincts to detect and thwart attackers who impersonate trusted individuals in person or via communication.

    • MT22 2 Outsmart Impersonation Attempts CONTENT SCORM12 SCORM package

    • Micro-Topic 22.3: Social Engineering Mind Tricks Exposed

      Goal: Understand the psychological tricks and common methods social engineers use, so you can spot and resist them.

    • MT22 3 Social Engineering Mind Tricks Exposed CONTENT SCORM12 SCORM package

    • Micro-Topic 22.4: Build Your Human Firewall

      Goal: Implement habits, policies, and controls that turn users and organizations into a strong defense against social engineering.

    • MT22 4 Build Your Human Firewall CONTENT SCORM12 SCORM package
  • Collapse Expand

    Lesson 23: DoS Resilience — Staying Available Under Flood

    • Micro-Topic 23.1: Brace for Impact – DoS and DDoS Basics

      Goal: Understand what Denial-of-Service attacks are and why they threaten system availability.

    • MT23 1 Brace for Impact DoS DDoS Basics CONTENT SCORM12 SCORM package

    • Micro-Topic 23.2: Flood Tactics – Common DoS Attack Types

      Goal: Recognize the different methods attackers use to generate floods and overwhelm systems.

    • MT23 2 Flood Tactics Common DoS Attack Types CONTENT SCORM12 SCORM package

    • Micro-Topic 23.3: Shields Up – DoS Defense Strategies

      Goal: Learn how to fortify networks and systems in advance to withstand or mitigate DoS/DDoS attacks.

    • MT23 3 Shields Up DoS Defense Strategies CONTENT SCORM12 SCORM package

    • Micro-Topic 23.4: Under Attack – Monitoring and Incident Response

      Goal: Learn how to detect DoS attacks in real time and the steps to take while an attack is happening to minimize damage.

    • MT23 4 Under Attack Monitoring Incident Response CONTENT SCORM12 SCORM package
  • Collapse Expand

    Lesson 24: Sessions & Tokens — How Logins Get Stolen (Defender View)

    • Micro-Topic 24.1: Session Secrets – How Logins Stay Alive

      Goal: Understand what sessions and tokens are in web/logins, and why protecting them is crucial.

    • MT24 1 Session Secrets How Logins Stay Alive CONTENT SCORM12 SCORM package

    • Micro-Topic 24.2: Token Thieves – How Attackers Steal Sessions (Web Attacks)

      Goal: Learn the common web-based techniques (like XSS and CSRF) attackers use to grab or abuse session tokens.

    • MT24 2 Token Thieves How Attackers Steal Sessions CONTENT SCORM12 SCORM package

    • Micro-Topic 24.3: Eavesdropping & Network Hijacks – Session Theft on the Wire

      Goal: Understand how attackers can hijack sessions by intercepting network traffic (and the importance of encryption).

    • MT24 3 Eavesdropping Network Hijacks Session Theft On The Wire CONTENT SCORM12 SCORM package

    • Micro-Topic 24.4: Guarding the Session – Defensive Measures

      Goal: Learn how developers and users can protect session tokens and prevent hijacking (secure cookies, HTTPS, token best practices, etc.).

    • MT24 4 Guarding The Session Defensive Measures CONTENT SCORM12 SCORM package
  • Collapse Expand

    Lesson 25: Web App Defense — Common Weaknesses and Fixes

    Lesson Overview: This lesson tackles the most prevalent web application vulnerabilities (based on OWASP Top 10) and how to fix them. Students will learn to identify weaknesses like broken access controls, injections, and misconfigurations, and apply remedies to harden web apps.

    • Micro-Topic 25.1: Broken Access Control – When Anyone Can Walk In

      ·       Learning Goal: Understand how missing or weak permission checks (broken access control) let attackers reach off-limits data, and learn ways to lock those “doors” against intruders.

    • microtopic 25 1 access control CONTENT v3 SCORM package

    • Micro-Topic 25.2: Injection Flaws – Poisoning the Input

      ·       Learning Goal: Grasp how injection vulnerabilities (like SQL injection and Command injection) allow attackers to “poison” an application’s inputs and execute malicious commands or queries, and outline basic fixes to neutralize these attacks.

    • microtopic 25 2 injection flaws CONTENT v4 SCORM package

    • Micro-Topic 25.3: Cross-Site Scripting (XSS) – Tricking the Browser

      ·       Learning Goal: Explain how XSS allows attackers to inject malicious scripts into webpages viewed by other users, and identify strategies to prevent these sneaky attacks (like output encoding and content security policies).

    • microtopic 25 3 xss tricking browser CONTENT v4 SCORM package

    • Micro-Topic 25.4: Weak Authentication & Session Management – Keys to the Kingdom

      ·       Learning Goal: Recognize how flawed authentication (login) and session handling can let attackers impersonate others, and learn best practices like strong password handling, multi-factor auth, secure session cookies, etc., to safeguard user accounts.

    • microtopic 25 4 auth sessions CONTENT v4 SCORM package

    • Micro-Topic 25.5: Security Misconfigurations & Outdated Components – Low-Hanging Fruit for Hackers

      ·       Learning Goal: Highlight how default settings, misconfigured servers, or unpatched vulnerable components open the door to attacks, and emphasize the importance of secure configuration and timely updates as defense.

    • microtopic 25 5 misconfig components CONTENT v4 SCORM package

    • Micro-Topic 25.6: Cryptographic Failures – Leaky and Weak Encryption

      ·       Learning Goal: Understand how improper use of cryptography (or not using encryption when needed) leads to data exposure – for instance, not encrypting sensitive data, using weak algorithms, or poor key management – and learn baseline practices to keep data encrypted and safe.

    • microtopic 25 6 crypto failures CONTENT v4 SCORM package
  • Collapse Expand

    Lesson 26: Input Safety — Injection Prevention Patterns

    Lesson Overview: This lesson focuses on defensive patterns to handle user input safely across the board. Building on injection attacks from Lesson 25, students will learn concrete coding practices and design patterns (like whitelisting, validation, encoding, least privilege) that prevent SQL injection, XSS, command injection, and similar input-based attacks.

    • Micro-Topic 26.1: Input Validation & Whitelisting – Only the Expected Enters

      ·       Learning Goal: Emphasize the importance of strict input validation – only allowing expected, well-formed data – and how whitelisting (accepting known good patterns) trumps blacklisting in preventing injection attacks.

    • microtopic 26 1 input validation whitelisting CONTENT v4 SCORM package

    • Micro-Topic 26.2: Parameterized Queries & ORM – SQL Injection Antidote

      ·       Learning Goal: Learn how using parameterized SQL queries (prepared statements) and Object-Relational Mappers (ORMs) prevents SQL injection by separating code from data, and understand their role as a standard defensive pattern in database interactions.

    • microtopic 26 2 parameterized queries orm CONTENT v4 SCORM package

    • Micro-Topic 26.3: Output Encoding & Contextual Escaping – Disarming XSS

      ·       Learning Goal: Focus on the pattern of encoding output according to context (HTML, JavaScript, URL, etc.) to prevent XSS and similar injection attacks on the client side. Students should grasp that sanitizing output is as important as input validation for safety.

    • microtopic 26 3 output encoding escaping CONTENT v4 SCORM package

    • Micro-Topic 26.4: Least Privilege & Safe APIs – Limiting Damage of Injection

      ·       Learning Goal: Understand the defensive principle of least privilege in context of injection prevention (e.g., database accounts with limited rights, OS commands running with minimal privileges) and using safer API methods (instead of risky ones) to reduce the impact of any injection that might occur.

    • microtopic 26 4 least privilege safe apis CONTENT v4 SCORM package

    • Micro-Topic 26.5: Regex and Sanitization – Filtering Out the Junk

      ·       Learning Goal: Discuss the use of regular expressions and other sanitization techniques to strip out or reject known harmful patterns (like script tags, SQL meta-characters) from input, while cautioning that this should be a secondary measure (after whitelisting) and done carefully to avoid over-filtering or being bypassed.

    • microtopic 26 5 regex sanitization CONTENT v4 SCORM package
  • Collapse Expand

    Lesson 27: API Security — Modern Front-Door Controls

    Lesson Overview: In this lesson, students learn that APIs (Application Programming Interfaces) are the new “front door” to many applications (think mobile app backends, single-page app backends, etc.), and thus securing them is critical. We cover how to secure RESTful and other web APIs through strong authentication, authorization, input validation, rate limiting, and other modern API security practices, referencing common API vulnerabilities (like those in OWASP API Top 10).

    • Micro-Topic 27.1: API Authentication & Authorization – Who Can Call What

      ·       Learning Goal: Understand how to handle identity and access in APIs – using API keys, tokens (like JWT), OAuth, etc. – and ensuring that each API call properly verifies who is making the call and what they’re allowed to do (preventing issues like unauthorized data access).

    • microtopic 27 1 api auth authorization CONTENT v4 SCORM package

    • Micro-Topic 27.2: Input Validation for APIs – No Trust Even in JSON

      ·       Learning Goal: Reinforce that APIs need the same rigorous input validation as web forms. Just because data arrives as JSON or through a mobile app doesn’t mean it’s safe. Discuss validating JSON fields, data types, lengths, allowed values, etc., to prevent injection or business logic abuse.

    • microtopic 27 2 api input validation CONTENT v4 SCORM package

    • Micro-Topic 27.3: Rate Limiting & Throttling – Blocking the Brute-force and Flood

      ·       Learning Goal: Explain how APIs often enforce rate limiting (requests per minute, etc.) and why: to prevent brute-force attacks (like password guessing via API) and abuse (DoS or mass data scraping). Describe basic strategies for implementing throttling and why it’s part of API security.

    • microtopic 27 3 rate limiting throttling CONTENT v4 SCORM package

    • Micro-Topic 27.4: Data Exposure & Injection in APIs – Securing the Data Flow

      ·       Learning Goal: Cover how APIs might unintentionally expose sensitive data (e.g., sending too much info in JSON) and how they remain susceptible to injection if not coded carefully (like NoSQL injection or command injection through API parameters). Emphasize using proper filters and avoiding verbose responses.

    • microtopic 27 4 api data exposure injection CONTENT v4 SCORM package
  • Collapse Expand

    Lesson 28: Wireless & Mobile — Pocket Battlefield Hardening

    Lesson Overview: This lesson delves into securing wireless networks and mobile devices, the “pocket battlefields.” We address Wi-Fi security (WEP/WPA weaknesses, rogue APs, etc.) and mobile platform security (device encryption, app security). The goal is to teach how to harden these ubiquitous but vulnerable technologies.

    • Micro-Topic 28.1: Wi-Fi Security Basics – From WEP to WPA3

      ·       Learning Goal: Understand the evolution of Wi-Fi security protocols (WEP, WPA, WPA2, WPA3), their weaknesses, and current best practices for securing a wireless network.

    • microtopic 28 1 wifi security basics CONTENT v4 SCORM package

    • Micro-Topic 28.2: Common Wi-Fi Attacks – Eavesdropping, Evil Twins, and More

      ·       Learning Goal: Identify common attacks on wireless networks (sniffing, unauthorized APs, deauthentication attacks, evil twin/honeypot APs) and how to defend against them (encryption, user training, network monitoring).

    • microtopic 28 2 common wifi attacks CONTENT v4 SCORM package

    • Micro-Topic 28.3: Mobile Device Threats – Malware, Theft, and Insecure Apps

      ·       Learning Goal: Outline the main threats targeting mobile devices: malware (malicious apps), device theft leading to data compromise, and insecure or malicious apps (leaky data, excessive permissions). Discuss how to mitigate these (app sources, updates, encryption, mobile management).

    • microtopic 28 3 mobile device threats CONTENT v4 SCORM package

    • Micro-Topic 28.4: Securing Mobile Devices – Updates, Encryption, and Policies

      ·       Learning Goal: Provide a checklist of best practices to harden mobile devices: enabling full disk encryption, keeping OS/apps updated, using strong authentication (PIN/biometric), and understanding mobile security features (like Find My, two-factor on device, etc.).

    • microtopic 28 4 securing mobile devices CONTENT v4 SCORM package
  • Collapse Expand

    Lesson 29: IoT & OT Risks

  • Collapse Expand

    Lesson 30: Cloud + Crypto Essentials