Mobile-first self-study
Security Architecture 101
A layered security intuition simulator for backend and platform engineers. Move from simple mental models to systems behavior, production failure, and adversarial architecture; build the lab on the weekend.
Progress
Completion by learning layer
Layer 1: Deep Systems & Networking
0%0 of 11 complete
Layer 2: Cryptography
0%0 of 11 complete
Layer 3: Practical Security Engineering
0%0 of 10 complete
Layer 4: Cloud & Infra Security
0%0 of 9 complete
Layer 5: Offensive Knowledge
0%0 of 9 complete
Layer 6: AI Security
0%0 of 9 complete
Layer 1: Deep Systems & Networking
11 topicsLinux internals
OpenHow the kernel mediates files, processes, sockets, memory, and privilege.
memory
OpenVirtual memory, address spaces, isolation, and why memory bugs become control bugs.
processes
OpenProcess identity, lifecycle, isolation, and privilege inheritance.
syscalls
OpenThe contract between user programs and the kernel.
networking
OpenPackets, sockets, routing, NAT, firewalls, and service exposure.
TLS
OpenAuthentication, encryption, key agreement, and transport integrity.
DNS
OpenThe naming layer that silently controls where traffic goes.
HTTP internals
OpenMethods, headers, caching, proxies, cookies, and request interpretation.
QUIC
OpenA UDP-based encrypted transport with built-in TLS and stream multiplexing.
containers
OpenPackaging plus kernel isolation, not a lightweight virtual machine.
Kubernetes security
OpenCluster identity, scheduling, admission, network policy, and workload containment.
Layer 2: Cryptography
11 topicselliptic curves
OpenCompact public-key cryptography based on hard group problems.
signatures
OpenProof that a key approved a specific message.
MPC
OpenMultiple parties compute together without revealing their private inputs.
threshold cryptography
OpenCryptographic operations that require k of n participants.
zk systems
OpenProving a statement without revealing the underlying witness.
TEEs
OpenHardware-backed enclaves for code and data isolation.
hardware security
OpenSecurity properties rooted in chips, firmware, buses, and physical access.
HSMs
OpenDedicated systems for generating, storing, and using high-value keys.
key derivation
OpenTurning secrets into purpose-specific keys safely.
secure randomness
OpenUnpredictability as a security dependency.
authenticated encryption
OpenEncrypting data while also proving it was not modified.
Layer 3: Practical Security Engineering
10 topicsthreat modeling
OpenA structured way to decide what can go wrong and what to do about it.
trust boundaries
OpenPlaces where data, identity, or authority changes trust level.
attack trees
OpenBreaking attacker goals into concrete paths and prerequisites.
secrets lifecycle
OpenHow secrets are created, stored, used, rotated, revoked, and audited.
supply-chain attacks
OpenCompromise through dependencies, build systems, vendors, or update channels.
sandboxing
OpenReducing what compromised code can see or do.
secure SDLC
OpenBuilding security into design, coding, review, release, and operations.
auth systems
OpenAuthentication, authorization, sessions, tokens, and identity lifecycle.
policy engines
OpenCentralizing authorization decisions without centralizing all context.
exploit mitigation
OpenMaking vulnerabilities harder to weaponize reliably.
Layer 4: Cloud & Infra Security
9 topicsAWS IAM deeply
OpenAWS authorization as a graph of principals, policies, conditions, and resources.
KMS internals
OpenEnvelope encryption, key policy, grants, and cryptographic access control.
Nitro Enclaves
OpenAWS isolated compute environments with attestation and no direct networking.
VPC isolation
OpenNetwork segmentation, routing, and controlled exposure in cloud environments.
workload identity
OpenGiving services short-lived identity instead of static credentials.
service mesh security
OpenIdentity, mTLS, and policy for service-to-service traffic.
Kubernetes RBAC
OpenAuthorization for Kubernetes API verbs over resources.
SPIFFE/SPIRE
OpenStandard workload identities and automated attestation.
confidential computing
OpenProtecting data in use with hardware-backed isolation and attestation.
Layer 5: Offensive Knowledge
9 topicsmemory corruption
OpenWhen unsafe memory behavior becomes attacker-controlled behavior.
RCEs
OpenRemote code execution and why it is rarely the end of the story.
SSRF
OpenMaking a server send attacker-chosen requests.
deserialization
OpenTurning untrusted bytes into objects, and sometimes behavior.
OAuth abuse
OpenMisusing delegation flows, redirects, scopes, and tokens.
auth bypass
OpenReaching protected behavior without satisfying the intended check.
privilege escalation
OpenTurning limited access into more powerful authority.
wallet exploits
OpenAttacks against key custody, signing UX, and transaction intent.
smart contract exploits
OpenExploiting immutable on-chain logic, economics, and integrations.
Layer 6: AI Security
9 topicsagent permissioning
OpenGiving AI agents scoped authority instead of ambient power.
prompt injection
OpenUntrusted content steering model behavior across instruction boundaries.
model exfiltration
OpenExtracting model behavior, training data, system prompts, or proprietary outputs.
tool abuse
OpenMisusing the external capabilities connected to an AI system.
identity delegation
OpenLetting agents act for users or services without losing accountability.
credential vaulting
OpenKeeping AI-accessible credentials brokered, scoped, and recoverable.
AI sandboxing
OpenContaining model-generated code, browsing, files, and tool execution.
autonomous transaction security
OpenMaking agent-initiated payments, trades, or state changes safe.
secure memory systems for agents
OpenDesigning agent memory so recall does not become leakage or manipulation.