some changes to the modules

2. Curriculum.md

@@ -20,6 +20,17 @@ Modules:
 
 Below is a more detailed view of the modules
 
+<<<<<<< HEAD
+Module 1: Secure Architecture and Threat Modeling\
+  &nbsp; &nbsp; &nbsp; &nbsp; STRIDE, DREAD, LINDDUN\
+  &nbsp; &nbsp; &nbsp; &nbsp; Data Flow Diagrams (DFDs)\
+  &nbsp; &nbsp; &nbsp; &nbsp; Trust boundaries\
+  &nbsp; &nbsp; &nbsp; &nbsp; Secure SDLC practices\
+  &nbsp; &nbsp; &nbsp; &nbsp; Common design flaws
+  &nbsp; &nbsp; &nbsp; &nbsp; Core security principles (Least Privilege, Defense in Depth, Fail Securely)\
+  &nbsp; &nbsp; &nbsp; &nbsp; Attack surface reduction\
+  &nbsp; &nbsp; &nbsp; &nbsp; Secure design patterns (e.g., secure defaults, centralized security controls)
+=======
 Module 1: Secure Architecture and Threat Modeling  
         STRIDE, DREAD, LINDDUN  
         Data Flow Diagrams (DFDs)  
@@ -210,6 +221,7 @@ Module 3: Authorisation
 
 &nbsp;	- Use a dedicated XPath API that handles parameters securely instead of building XPath queries with string concatenation.
 
+>>>>>>> main
 
 
 
@@ -297,9 +309,19 @@ Module 6: Error Handling
         Logging sensitive operations securely  
         Avoiding stack traces/info leaks
 
+<<<<<<< HEAD
+Module 7: Secure Logging\
+  &nbsp; &nbsp; &nbsp; &nbsp; Log protection (tamper resistance)\
+  &nbsp; &nbsp; &nbsp; &nbsp; Real-time alerting and monitoring\
+  &nbsp; &nbsp; &nbsp; &nbsp; What to log (security events) vs. what not to log (PII, secrets)\
+  &nbsp; &nbsp; &nbsp; &nbsp; Log sanitization to prevent log injection\
+  &nbsp; &nbsp; &nbsp; &nbsp; Standardized log formats (e.g., JSON, CEF)\
+  &nbsp; &nbsp; &nbsp; &nbsp; Secure log storage, access controls, and retention policies
+=======
 Module 7: Secure Logging  
         Log protection (tamper resistance)  
         Real-time alerting and monitoring
+>>>>>>> main
 
 Module 8: Data Protection and Privacy  
         TLS enforcement  
@@ -314,12 +336,24 @@ Module 9: Secure Communications
         Certificate pinning  
         Secure protocol selection
 
+<<<<<<< HEAD
+Module 10: Malicious Code, Supply Chain and Open Source Software\
+  &nbsp; &nbsp; &nbsp; &nbsp; Dependency management (SCA tools like OWASP Dependency-Check)\
+  &nbsp; &nbsp; &nbsp; &nbsp; Secure deserialization\
+  &nbsp; &nbsp; &nbsp; &nbsp; Subdomain takeover\
+  &nbsp; &nbsp; &nbsp; &nbsp; Code signing and verification\
+  &nbsp; &nbsp; &nbsp; &nbsp; Open source software and licensing\
+  &nbsp; &nbsp; &nbsp; &nbsp; Understanding Software Bill of Materials (SBOM)\
+  &nbsp; &nbsp; &nbsp; &nbsp; Dependency confusion and typosquatting attacks\
+  &nbsp; &nbsp; &nbsp; &nbsp; Verifying dependency integrity (checksums, signatures)
+=======
 Module 10: Malicious Code, Supply Chain and Open Source Software  
         Dependency management (SCA tools like OWASP Dependency-Check)  
         Secure deserialization  
         Subdomain takeover  
         Code signing and verification  
         Open source software and licensing
+>>>>>>> main
 
 Module 11: Business Logic Security  
         Logical flaws (race conditions, inconsistent state)  
@@ -332,6 +366,35 @@ Module 12: Secure File and Resource Handling
         RFI, SSRF protections  
         MIME sniffing and validation
 
+<<<<<<< HEAD
+Module 13: API and Web Service Security\
+  &nbsp; &nbsp; &nbsp; &nbsp; REST, GraphQL, and SOAP security models\
+  &nbsp; &nbsp; &nbsp; &nbsp; Authentication and authorization for APIs\
+  &nbsp; &nbsp; &nbsp; &nbsp; Throttling and abuse protection\
+  &nbsp; &nbsp; &nbsp; &nbsp; JSON and XML parser safety\
+  &nbsp; &nbsp; &nbsp; &nbsp; Common API vulnerabilities (BOLA, Mass Assignment, Excessive Data Exposure)\
+  &nbsp; &nbsp; &nbsp; &nbsp; API input and output validation (schema validation)\
+  &nbsp; &nbsp; &nbsp; &nbsp; Use of API Gateways for security enforcement
+
+Module 14: Secure Configuration and Deployment\
+  &nbsp; &nbsp; &nbsp; &nbsp; Secure defaults\
+  &nbsp; &nbsp; &nbsp; &nbsp; Secrets management (vaults, env vars)\
+  &nbsp; &nbsp; &nbsp; &nbsp; CORS, CSP, HSTS\
+  &nbsp; &nbsp; &nbsp; &nbsp; CI/CD pipeline security (SAST/SCA/SBOM integration, pipeline permissions)\
+  &nbsp; &nbsp; &nbsp; &nbsp; Infrastructure as Code (IaC) security\
+  &nbsp; &nbsp; &nbsp; &nbsp; Container security (image scanning, Dockerfile hardening)\
+  &nbsp; &nbsp; &nbsp; &nbsp; Hardening web and application server configurations
+
+Module 15: Security of and for AI\
+  &nbsp; &nbsp; &nbsp; &nbsp; Understanding the OWASP Top 10 for LLMs\
+  &nbsp; &nbsp; &nbsp; &nbsp; Prompt Injection (Direct and Indirect)\
+  &nbsp; &nbsp; &nbsp; &nbsp; Insecure Output Handling from models\
+  &nbsp; &nbsp; &nbsp; &nbsp; Training Data Poisoning\
+  &nbsp; &nbsp; &nbsp; &nbsp; Model Denial of Service (DoS) and Evasion Attacks\
+  &nbsp; &nbsp; &nbsp; &nbsp; Model Theft, Inversion, and Extraction\
+  &nbsp; &nbsp; &nbsp; &nbsp; Secure MLOps practices (securing the ML pipeline)\
+  &nbsp; &nbsp; &nbsp; &nbsp; Privacy-Preserving ML (e.g., Federated Learning, Differential Privacy)
+=======
 Module 13: API and Web Service Security  
         REST, GraphQL, and SOAP security models  
         Authentication and authorization for APIs  
@@ -348,3 +411,4 @@ Module 15: Security of and for AI
         Securing models  
         Securing datasets
 
+>>>>>>> main