# microsoft/security-101

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/microsoft-security-101).**

6,203 stars · 839 forks · HTML · cc0-1.0

## Links

- GitHub: https://github.com/microsoft/Security-101
- Homepage: https://microsoft.github.io/Security-101/
- awesome-repositories: https://awesome-repositories.com/repository/microsoft-security-101.md

## Topics

`appsec` `cia-triad` `data-protection` `data-security` `iam` `identity` `risk-management` `secops` `security` `threat-modeling` `zero-trust`

## Description

Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular, framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field.

The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of domains, including AI system security, cloud security, zero trust principles, identity and access management, network security, data protection, and security operations. Each module reinforces learning through end-of-module quizzes that test comprehension and direct learners to further reading.

The material spans core cybersecurity areas such as application security, cloud security posture management, data protection and compliance, identity and access management, network security and segmentation, and threat detection and response. It also addresses emerging areas like AI system security, covering data poisoning defense, adversarial attacks, and model hardening, as well as traditional security practices for AI infrastructure. The curriculum is structured to build knowledge sequentially, with each module providing a self-contained learning unit.

## Tags

### Part of an Awesome List

- [MITRE ATT&CK Analysis](https://awesome-repositories.com/f/awesome-lists/devtools/threat-analysis-tools/mitre-att-ck-analysis.md) — Uses the MITRE ATT&CK framework to catalog adversary tactics, techniques, and procedures for understanding attacks.
- [Curricula](https://awesome-repositories.com/f/awesome-lists/devtools/threat-analysis-tools/mitre-att-ck-analysis/curricula.md) — Provides a curriculum specifically for learning the MITRE ATT&CK framework for threat analysis.
- [Cybersecurity Curriculum](https://awesome-repositories.com/f/awesome-lists/learning/cybersecurity-curriculum.md) — Ships a structured, vendor-agnostic curriculum for learning foundational cybersecurity concepts.
- [Foundational Security Concepts](https://awesome-repositories.com/f/awesome-lists/learning/foundational-security-concepts.md) — Teaches core security principles like the CIA triad and zero trust through introductory modules. ([source](https://cdn.jsdelivr.net/gh/microsoft/security-101@main/README.md))
- [Identity and Access Management](https://awesome-repositories.com/f/awesome-lists/security/identity-and-access-management.md) — Teaches identity and access management as a foundational security domain in its curriculum.
- [NIST-Aligned Workflows](https://awesome-repositories.com/f/awesome-lists/security/incident-response-frameworks/nist-aligned-workflows.md) — Teaches incident response workflows aligned with the NIST Cybersecurity Framework's core functions.
- [Curricula](https://awesome-repositories.com/f/awesome-lists/security/incident-response-frameworks/nist-aligned-workflows/curricula.md) — Provides a curriculum specifically for learning the NIST Cybersecurity Framework for incident response.
- [Layered Defense Strategies](https://awesome-repositories.com/f/awesome-lists/security/kernel-hardening/layered-defense-strategies.md) — Teaches deploying overlapping technical, procedural, and physical defenses so a breach in one layer is blocked by others. ([source](https://github.com/microsoft/Security-101/blob/main/1.5%20Zero%20trust.md))
- [AI Red Teaming](https://awesome-repositories.com/f/awesome-lists/ai/ai-red-teaming.md) — Teaches probing AI systems for security flaws, behavioral failures, and prompt injection risks. ([source](https://github.com/microsoft/Security-101/blob/main/8.2%20AI%20security%20capabilities.md))
- [Defense Strategies](https://awesome-repositories.com/f/awesome-lists/ai/poisoning-attack-implementations/defense-strategies.md) — Teaches defenses against data poisoning attacks that manipulate training data to alter model behavior. ([source](https://github.com/microsoft/Security-101/blob/main/8.1%20AI%20security%20key%20concepts.md))
- [Security Terminology Definitions](https://awesome-repositories.com/f/awesome-lists/learning/foundational-security-concepts/security-terminology-definitions.md) — Teaches security terminology definitions to align security discussions. ([source](https://github.com/microsoft/Security-101/blob/main/1.3%20Understanding%20risk%20management.md))
- [Vulnerability Scanning](https://awesome-repositories.com/f/awesome-lists/security/application-security-testing/vulnerability-scanning.md) — Teaches penetration testing, code reviews, and automated scanning to find and fix security weaknesses. ([source](https://github.com/microsoft/Security-101/blob/main/5.1%20AppSec%20key%20concepts.md))
- [Design Integration](https://awesome-repositories.com/f/awesome-lists/security/application-security/design-integration.md) — Teaches integrating security into application architecture from the start, not as an afterthought. ([source](https://github.com/microsoft/Security-101/blob/main/5.1%20AppSec%20key%20concepts.md))
- [Post-Authentication Controls](https://awesome-repositories.com/f/awesome-lists/security/authentication-and-permissions/post-authentication-controls.md) — Teaches post-authentication permission control as a concept within the identity and access management curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/2.1%20IAM%20key%20concepts.md))
- [Security-as-a-Service Models](https://awesome-repositories.com/f/awesome-lists/security/cloud-security/security-as-a-service-models.md) — Covers cloud-based security services that combine network security and wide-area networking. ([source](https://github.com/microsoft/Security-101/blob/main/3.2%20Networking%20zero%20trust%20architecture.md))
- [Continuous Security Monitoring](https://awesome-repositories.com/f/awesome-lists/security/continuous-security-monitoring.md) — Teaches continuous monitoring of network and system activities to detect and respond to security incidents.
- [DDoS Mitigation](https://awesome-repositories.com/f/awesome-lists/security/ddos-mitigation.md) — Teaches DDoS mitigation strategies to filter malicious traffic and maintain availability. ([source](https://github.com/microsoft/Security-101/blob/main/3.3%20Network%20security%20capabilities.md))
- [Honeypots and Deception](https://awesome-repositories.com/f/awesome-lists/security/honeypots-and-deception.md) — Covers planting fake assets to mislead and detect intruders before they reach real systems. ([source](https://github.com/microsoft/Security-101/blob/main/4.3%20SecOps%20capabilities.md))
- [Lifecycle Governance](https://awesome-repositories.com/f/awesome-lists/security/identity-and-access/lifecycle-governance.md) — Teaches identity lifecycle governance as a concept within the identity and access management curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/2.3%20IAM%20capabilities.md))
- [Pre-Access Verification](https://awesome-repositories.com/f/awesome-lists/security/identity-and-access/pre-access-verification.md) — Teaches pre-access identity verification as a concept within the identity and access management curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/2.2%20IAM%20zero%20trust%20architecture.md))
- [Malware Detection](https://awesome-repositories.com/f/awesome-lists/security/malware-detection.md) — Teaches how to identify malicious software like ransomware and viruses as part of security education. ([source](https://github.com/microsoft/Security-101/blob/main/1.2%20Common%20cybersecurity%20threats.md))
- [Runtime Analysis](https://awesome-repositories.com/f/awesome-lists/security/mobile-application-analysis/runtime-analysis.md) — Teaches combining static and dynamic analysis to detect vulnerabilities during application execution. ([source](https://github.com/microsoft/Security-101/blob/main/5.2%20AppSec%20key%20capabilities.md))
- [Penetration Testing](https://awesome-repositories.com/f/awesome-lists/security/penetration-testing.md) — Teaches emulating attacker techniques to discover vulnerabilities and assess application security posture. ([source](https://github.com/microsoft/Security-101/blob/main/5.2%20AppSec%20key%20capabilities.md))
- [AI System Testing](https://awesome-repositories.com/f/awesome-lists/security/security-and-testing/ai-system-testing.md) — Teaches automated tools and adversarial testing techniques for evaluating ML model and data pipeline vulnerabilities. ([source](https://github.com/microsoft/Security-101/blob/main/8.2%20AI%20security%20capabilities.md))
- [Feed Integrations](https://awesome-repositories.com/f/awesome-lists/security/threat-intelligence-feeds/feed-integrations.md) — Teaches how to integrate external threat intelligence feeds to improve detection accuracy. ([source](https://github.com/microsoft/Security-101/blob/main/4.3%20SecOps%20capabilities.md))
- [Zero-Day Response Strategies](https://awesome-repositories.com/f/awesome-lists/security/vulnerability-exploits/zero-day-response-strategies.md) — Teaches response strategies for attacks targeting unknown vulnerabilities before patches are available. ([source](https://github.com/microsoft/Security-101/blob/main/1.2%20Common%20cybersecurity%20threats.md))

### DevOps & Infrastructure

- [Responsibility Mappings](https://awesome-repositories.com/f/devops-infrastructure/cloud-deployment-services/responsibility-mappings.md) — Teaches shared responsibility model mapping for cloud security deployments. ([source](https://github.com/microsoft/Security-101/blob/main/1.6%20Shared%20responsibility%20model.md))
- [Availability Defenses](https://awesome-repositories.com/f/devops-infrastructure/high-availability-systems/availability-defenses.md) — Teaches strategies to defend against availability attacks such as DDoS as part of security operations. ([source](https://github.com/microsoft/Security-101/blob/main/1.1%20The%20CIA%20triad%20and%20other%20key%20concepts.md))
- [Security Event Correlation](https://awesome-repositories.com/f/devops-infrastructure/infrastructure-operations/infrastructure-event-correlation-tools/security-event-correlation.md) — Teaches how to aggregate and link disparate security signals to identify complex attack patterns. ([source](https://github.com/microsoft/Security-101/blob/main/4.3%20SecOps%20capabilities.md))
- [Patch Management](https://awesome-repositories.com/f/devops-infrastructure/vulnerability-management/patch-management.md) — Teaches updating software and firmware to fix vulnerabilities and reduce the attack surface. ([source](https://github.com/microsoft/Security-101/blob/main/6.1%20Infrastructure%20security%20key%20concepts.md))

### Education & Learning Resources

- [Security Framework-Aligned Curricula](https://awesome-repositories.com/f/education-learning-resources/curriculum-frameworks/security-framework-aligned-curricula.md) — Organizes learning modules around MITRE ATT&CK and NIST Cybersecurity Framework for structured security education.
- [Knowledge Assessments](https://awesome-repositories.com/f/education-learning-resources/educational-resources/courses-training-certifications/courses-structured-learning/coding-exercises/knowledge-assessments.md) — Includes end-of-module quizzes to test comprehension of cybersecurity concepts. ([source](https://github.com/microsoft/Security-101/blob/main/2.4%20End%20of%20module%20quiz.md))
- [Cybersecurity Training Materials](https://awesome-repositories.com/f/education-learning-resources/educational-resources/courses-training-certifications/courses-structured-learning/courses/cybersecurity-training-materials.md) — Provides open-source educational content and structured modules for learning cybersecurity concepts.
- [Sequential Module Structures](https://awesome-repositories.com/f/education-learning-resources/front-end-knowledge-bases/module-quizzes/sequential-module-structures.md) — Structures learning into sequential modules that build knowledge progressively with end-of-module reinforcement.
- [Module Quizzes](https://awesome-repositories.com/f/education-learning-resources/educational-resources/courses-training-certifications/courses-structured-learning/learning-path-guides/study-methodologies/knowledge-transfer-testing/module-quizzes.md) — Includes end-of-module multiple-choice quizzes that test comprehension and reinforce learning. ([source](https://github.com/microsoft/Security-101/blob/main/3.4%20End%20of%20module%20quiz.md))
- [Secure Coding Guides](https://awesome-repositories.com/f/education-learning-resources/secure-coding-guides.md) — Provides educational resources and frameworks for teaching developers secure coding practices. ([source](https://github.com/microsoft/Security-101/blob/main/5.2%20AppSec%20key%20capabilities.md))
- [Security Procedures](https://awesome-repositories.com/f/education-learning-resources/security-implementation-guides/security-procedures.md) — Teaches security procedure definition for executing security tasks. ([source](https://github.com/microsoft/Security-101/blob/main/1.4%20Security%20practices%20and%20documentation.md))

### Scientific & Mathematical Computing

- [Security Risk Assessments](https://awesome-repositories.com/f/scientific-mathematical-computing/risk-assessment-metrics/risk-assessment/risk-management-frameworks/security-risk-assessments.md) — Teaches structured security risk assessment as a core part of the cybersecurity curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/1.3%20Understanding%20risk%20management.md))

### Security & Cryptography

- [AI Security](https://awesome-repositories.com/f/security-cryptography/ai-security.md) — Provides a dedicated curriculum module on AI system security including adversarial attacks and model hardening.
- [Threat Protections](https://awesome-repositories.com/f/security-cryptography/ai-security/threat-protections.md) — Covers defenses against data poisoning, adversarial attacks, and model manipulation unique to AI systems. ([source](https://github.com/microsoft/Security-101/blob/main/8.1%20AI%20security%20key%20concepts.md))
- [Regulatory Compliance Guides](https://awesome-repositories.com/f/security-cryptography/application-security-standards/compliance-mapping-tools/security-requirement-frameworks/regulatory-compliance-guides.md) — Teaches regulatory compliance frameworks for data protection and privacy. ([source](https://github.com/microsoft/Security-101/blob/main/1.4%20Security%20practices%20and%20documentation.md))
- [Authentication and Authorization](https://awesome-repositories.com/f/security-cryptography/authentication-and-authorization.md) — Covers both authentication and authorization as core identity and access management concepts. ([source](https://github.com/microsoft/Security-101/blob/main/5.1%20AppSec%20key%20concepts.md))
- [Behavioral Threat Detection](https://awesome-repositories.com/f/security-cryptography/behavioral-threat-detection.md) — Teaches how to establish baseline behavior patterns and detect deviations that signal potential threats. ([source](https://github.com/microsoft/Security-101/blob/main/2.3%20IAM%20capabilities.md))
- [Cloud Security Posture Management](https://awesome-repositories.com/f/security-cryptography/cloud-security-posture-management.md) — Teaches cloud security posture management concepts as part of a foundational cybersecurity curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/6.2%20Infrastructure%20security%20capabilities.md))
- [Curricula](https://awesome-repositories.com/f/security-cryptography/cloud-security-posture-management/curricula.md) — Provides a structured curriculum for learning cloud security, covering responsibility mapping and posture management.
- [Cross-Domain Security Curricula](https://awesome-repositories.com/f/security-cryptography/cross-domain-security-curricula.md) — Provides a comprehensive curriculum covering identity, network, data, cloud, and AI security domains.
- [User Identity Verification](https://awesome-repositories.com/f/security-cryptography/identity-authentication/user-identity-verification.md) — Teaches user authentication as a foundational step before granting system access. ([source](https://github.com/microsoft/Security-101/blob/main/2.1%20IAM%20key%20concepts.md))
- [Incident Response Plans](https://awesome-repositories.com/f/security-cryptography/incident-response-plans.md) — Covers following a tested plan to contain, eradicate, and recover from security breaches effectively. ([source](https://github.com/microsoft/Security-101/blob/main/4.2%20SecOps%20zero%20trust%20architecture.md))
- [Network Segmentation](https://awesome-repositories.com/f/security-cryptography/network-segmentation.md) — Teaches network segmentation as a fundamental strategy to isolate zones and contain breaches. ([source](https://github.com/microsoft/Security-101/blob/main/3.2%20Networking%20zero%20trust%20architecture.md))
- [Posture Assessment Engines](https://awesome-repositories.com/f/security-cryptography/posture-based-access-control/posture-assessment-engines.md) — Teaches evaluating and monitoring an organization's overall cybersecurity readiness to identify vulnerabilities. ([source](https://github.com/microsoft/Security-101/blob/main/6.1%20Infrastructure%20security%20key%20concepts.md))
- [Practical Security Framework Applications](https://awesome-repositories.com/f/security-cryptography/practical-security-framework-applications.md) — Grounds theoretical security concepts in practical frameworks like Zero Trust and cloud responsibility models.
- [Role-Based Access Control](https://awesome-repositories.com/f/security-cryptography/role-based-access-control.md) — Teaches role-based access control as a core mechanism for enforcing least-privilege access policies.
- [Role-Based Access Management](https://awesome-repositories.com/f/security-cryptography/role-based-access-management.md) — Teaches role-based permissions as a key mechanism for enforcing least-privilege access. ([source](https://github.com/microsoft/Security-101/blob/main/2.3%20IAM%20capabilities.md))
- [Security Operations Automation](https://awesome-repositories.com/f/security-cryptography/security/operations-and-incident-response/security-operations-automation.md) — Covers using orchestration tools to streamline repetitive tasks and accelerate incident response. ([source](https://github.com/microsoft/Security-101/blob/main/4.2%20SecOps%20zero%20trust%20architecture.md))
- [Identity Verification](https://awesome-repositories.com/f/security-cryptography/user-access-management/identity-verification.md) — Teaches identity verification as a core component of access control and zero trust principles. ([source](https://github.com/microsoft/Security-101/blob/main/1.5%20Zero%20trust.md))
- [Multi-User Authorization](https://awesome-repositories.com/f/security-cryptography/user-access-management/multi-user-authorization.md) — Teaches user authorization to determine what authenticated users can access. ([source](https://github.com/microsoft/Security-101/blob/main/2.1%20IAM%20key%20concepts.md))
- [Zero Trust Access Controls](https://awesome-repositories.com/f/security-cryptography/zero-trust-access-controls.md) — Covers zero trust principles that require continuous identity verification for every access request. ([source](https://github.com/microsoft/Security-101/blob/main/2.2%20IAM%20zero%20trust%20architecture.md))
- [Zero Trust Networking](https://awesome-repositories.com/f/security-cryptography/zero-trust-networking.md) — Teaches zero trust identity enforcement as a core principle of modern security architecture. ([source](https://github.com/microsoft/Security-101/blob/main/2.2%20IAM%20zero%20trust%20architecture.md))
- [Curricula](https://awesome-repositories.com/f/security-cryptography/zero-trust-networking/curricula.md) — Provides a curriculum specifically for learning zero trust security principles.
- [Infrastructure Security Measures](https://awesome-repositories.com/f/security-cryptography/ai-security/infrastructure-security-measures.md) — Covers specialized security measures for AI cloud and hardware infrastructure beyond standard IT protections. ([source](https://github.com/microsoft/Security-101/blob/main/8.1%20AI%20security%20key%20concepts.md))
- [Model Hardening Techniques](https://awesome-repositories.com/f/security-cryptography/ai-security/model-hardening-techniques.md) — Teaches techniques to secure ML models against adversarial inputs and reverse-engineering. ([source](https://github.com/microsoft/Security-101/blob/main/8.1%20AI%20security%20key%20concepts.md))
- [Traditional Security for AI Systems](https://awesome-repositories.com/f/security-cryptography/ai-security/traditional-security-for-ai-systems.md) — Applies established cybersecurity practices like access control and vulnerability management to AI systems. ([source](https://github.com/microsoft/Security-101/blob/main/8.1%20AI%20security%20key%20concepts.md))
- [Adaptive Authentication](https://awesome-repositories.com/f/security-cryptography/authentication-adapters/adaptive-authentication.md) — Teaches adaptive authentication as a concept within the identity and access management curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/2.3%20IAM%20capabilities.md))
- [User Behavior Anomaly Detection](https://awesome-repositories.com/f/security-cryptography/behavioral-threat-detection/user-behavior-anomaly-detection.md) — Teaches how to detect anomalous user behavior as part of security monitoring education. ([source](https://github.com/microsoft/Security-101/blob/main/2.3%20IAM%20capabilities.md))
- [Cloud-Native Application Protection Platforms](https://awesome-repositories.com/f/security-cryptography/cloud-security-monitoring/cloud-native-application-protection-platforms.md) — Covers cloud-native application protection as a topic within the security curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/6.2%20Infrastructure%20security%20capabilities.md))
- [Container Security](https://awesome-repositories.com/f/security-cryptography/container-security-scanners/container-security.md) — Teaches container security principles including image scanning and runtime isolation. ([source](https://github.com/microsoft/Security-101/blob/main/5.2%20AppSec%20key%20capabilities.md))
- [Credential Stuffing Protections](https://awesome-repositories.com/f/security-cryptography/credential-stuffing-protections.md) — Teaches credential stuffing protections as a defense mechanism within the security curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/1.2%20Common%20cybersecurity%20threats.md))
- [Cross-Site Scripting Prevention](https://awesome-repositories.com/f/security-cryptography/cross-site-scripting-prevention.md) — Teaches techniques to prevent malicious script injection into web applications that execute in users' browsers. ([source](https://github.com/microsoft/Security-101/blob/main/1.2%20Common%20cybersecurity%20threats.md))
- [Denial of Service Prevention](https://awesome-repositories.com/f/security-cryptography/denial-of-service-prevention.md) — Covers denial of service prevention as a key network security defense. ([source](https://github.com/microsoft/Security-101/blob/main/1.2%20Common%20cybersecurity%20threats.md))
- [Denial-of-Service Vector Detections](https://awesome-repositories.com/f/security-cryptography/denial-of-service-prevention/denial-of-service-vector-detections.md) — Teaches defending against attacks that aim to disrupt access to systems and data, such as DDoS. ([source](https://github.com/microsoft/Security-101/blob/main/1.1%20The%20CIA%20triad%20and%20other%20key%20concepts.md))
- [Dynamic Application Security Testing](https://awesome-repositories.com/f/security-cryptography/dynamic-application-security-testing.md) — Teaches sending input requests to live applications and analyzing responses to find security weaknesses. ([source](https://github.com/microsoft/Security-101/blob/main/5.2%20AppSec%20key%20capabilities.md))
- [Encrypted Tunneling](https://awesome-repositories.com/f/security-cryptography/encrypted-tunneling.md) — Teaches VPN encrypted tunnels as a method for secure remote communication. ([source](https://github.com/microsoft/Security-101/blob/main/3.3%20Network%20security%20capabilities.md))
- [Error Handling Security](https://awesome-repositories.com/f/security-cryptography/error-handling-security.md) — Teaches preventing sensitive information from leaking through error messages and maintaining secure audit logs. ([source](https://github.com/microsoft/Security-101/blob/main/5.1%20AppSec%20key%20concepts.md))
- [Policy Definitions](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/compliance-governance/security-governance/policy-definitions.md) — Teaches security policy definition for governing organizational security posture. ([source](https://github.com/microsoft/Security-101/blob/main/1.4%20Security%20practices%20and%20documentation.md))
- [Security Standards](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/compliance-governance/security-standards.md) — Teaches security standard definition for implementing technical controls. ([source](https://github.com/microsoft/Security-101/blob/main/1.4%20Security%20practices%20and%20documentation.md))
- [General Security Hygiene Practices](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/security-frameworks/policy-management-systems/authentication-hygiene-practices/general-security-hygiene-practices.md) — Teaches fundamental cybersecurity practices like updating software and using multi-factor authentication. ([source](https://github.com/microsoft/Security-101/blob/main/6.1%20Infrastructure%20security%20key%20concepts.md))
- [Unified Incident Investigation Consoles](https://awesome-repositories.com/f/security-cryptography/incident-investigation-tools/unified-incident-investigation-consoles.md) — Teaches how to use centralized consoles for faster incident assessment from diverse telemetry sources. ([source](https://github.com/microsoft/Security-101/blob/main/4.3%20SecOps%20capabilities.md))
- [Least Privilege Enforcement](https://awesome-repositories.com/f/security-cryptography/least-privilege-enforcement.md) — Teaches least privilege enforcement as a concept within the identity and access management curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/3.2%20Networking%20zero%20trust%20architecture.md))
- [Granting Principles](https://awesome-repositories.com/f/security-cryptography/least-privilege-enforcement/granting-principles.md) — Teaches the least privilege principle as a concept within the identity and access management curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/2.1%20IAM%20key%20concepts.md))
- [Principle](https://awesome-repositories.com/f/security-cryptography/least-privilege-enforcement/principle.md) — Teaches the least privilege principle as a foundational concept within the security curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/2.1%20IAM%20key%20concepts.md))
- [Microservices Security](https://awesome-repositories.com/f/security-cryptography/microservices-security.md) — Covers authentication, authorization, and data protection measures for APIs and microservice architectures. ([source](https://github.com/microsoft/Security-101/blob/main/5.2%20AppSec%20key%20capabilities.md))
- [Misconfiguration Scanning](https://awesome-repositories.com/f/security-cryptography/misconfiguration-scanning.md) — Teaches scanning for misconfigurations and security weaknesses as part of vulnerability management. ([source](https://github.com/microsoft/Security-101/blob/main/5.2%20AppSec%20key%20capabilities.md))
- [Multi-Factor Authentication Providers](https://awesome-repositories.com/f/security-cryptography/multi-factor-authentication-providers.md) — Teaches multi-factor authentication as a concept within the identity and access management curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/2.3%20IAM%20capabilities.md))
- [Bastion Host Deployment](https://awesome-repositories.com/f/security-cryptography/network-security-hardening/bastion-host-deployment.md) — Teaches bastion host deployment as a method for secure administrative remote access. ([source](https://github.com/microsoft/Security-101/blob/main/3.3%20Network%20security%20capabilities.md))
- [Micro-Segmentation Techniques](https://awesome-repositories.com/f/security-cryptography/network-segmentation/micro-segmentation-techniques.md) — Teaches micro-segmentation as a technique to contain breaches and limit lateral movement. ([source](https://github.com/microsoft/Security-101/blob/main/1.5%20Zero%20trust.md))
- [Network Traffic Filters](https://awesome-repositories.com/f/security-cryptography/network-traffic-filters.md) — Covers traditional firewall traffic filtering as a basic network security control. ([source](https://github.com/microsoft/Security-101/blob/main/3.3%20Network%20security%20capabilities.md))
- [Awareness Training](https://awesome-repositories.com/f/security-cryptography/phishing-detections/awareness-training.md) — Educates users to recognize and avoid social engineering and phishing attacks through training. ([source](https://github.com/microsoft/Security-101/blob/main/4.2%20SecOps%20zero%20trust%20architecture.md))
- [Phishing Recognition Guides](https://awesome-repositories.com/f/security-cryptography/phishing-detections/phishing-recognition-guides.md) — Teaches users to recognize phishing attempts as part of security awareness training. ([source](https://github.com/microsoft/Security-101/blob/main/1.2%20Common%20cybersecurity%20threats.md))
- [Privileged Access Management](https://awesome-repositories.com/f/security-cryptography/privileged-access-management.md) — Teaches privileged access management as a concept within the identity and access management curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/2.3%20IAM%20capabilities.md))
- [Account Management](https://awesome-repositories.com/f/security-cryptography/privileged-access-management/account-management.md) — Teaches privileged account management as a concept within the identity and access management curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/2.3%20IAM%20capabilities.md))
- [Cloud Security Group Rules](https://awesome-repositories.com/f/security-cryptography/resource-access-control/cloud-security-group-rules.md) — Teaches security group access control rules for cloud resource protection. ([source](https://github.com/microsoft/Security-101/blob/main/3.3%20Network%20security%20capabilities.md))
- [Secure Session Management](https://awesome-repositories.com/f/security-cryptography/secure-session-management.md) — Teaches protecting user sessions from hijacking and unauthorized access through secure session handling. ([source](https://github.com/microsoft/Security-101/blob/main/5.1%20AppSec%20key%20concepts.md))
- [Provider Security Audits](https://awesome-repositories.com/f/security-cryptography/secure-storage/security-auditing/independent-security-audits/provider-security-audits.md) — Covers cloud provider security audits as part of vendor risk management education. ([source](https://github.com/microsoft/Security-101/blob/main/1.6%20Shared%20responsibility%20model.md))
- [Dependency Vulnerability Scanning](https://awesome-repositories.com/f/security-cryptography/security-auditing/dependency-vulnerability-scanning.md) — Teaches scanning project dependencies for known security vulnerabilities as part of application security. ([source](https://github.com/microsoft/Security-101/blob/main/5.2%20AppSec%20key%20capabilities.md))
- [Security Baselines](https://awesome-repositories.com/f/security-cryptography/security-configurations/security-baselines.md) — Teaches security baseline definition as a foundational governance practice. ([source](https://github.com/microsoft/Security-101/blob/main/1.4%20Security%20practices%20and%20documentation.md))
- [Security Control Classifications](https://awesome-repositories.com/f/security-cryptography/security-control-validations/security-control-classifications.md) — Teaches categorizing safeguards as administrative, technical, physical, operational, or legal for a comprehensive defense. ([source](https://github.com/microsoft/Security-101/blob/main/1.3%20Understanding%20risk%20management.md))
- [Security Operations Teams](https://awesome-repositories.com/f/security-cryptography/security-operations-teams.md) — Defines a dedicated team responsible for monitoring, detecting, investigating, and responding to cybersecurity threats. ([source](https://github.com/microsoft/Security-101/blob/main/4.1%20SecOps%20key%20concepts.md))
- [Output Encoding Protections](https://awesome-repositories.com/f/security-cryptography/security-safety-resources/output-encoding-protections.md) — Teaches transforming data sent to clients so it cannot be interpreted as executable code, preventing injection attacks. ([source](https://github.com/microsoft/Security-101/blob/main/5.1%20AppSec%20key%20concepts.md))
- [Security Guidelines](https://awesome-repositories.com/f/security-cryptography/security-standards/security-guidelines.md) — Teaches security guideline creation for handling situations beyond existing standards. ([source](https://github.com/microsoft/Security-101/blob/main/1.4%20Security%20practices%20and%20documentation.md))
- [Security Team Coordination Models](https://awesome-repositories.com/f/security-cryptography/security-team-coordination-models.md) — Describes models for distributing security responsibilities across operations, development, and security teams. ([source](https://github.com/microsoft/Security-101/blob/main/1.6%20Shared%20responsibility%20model.md))
- [Operations and Incident Response](https://awesome-repositories.com/f/security-cryptography/security/operations-and-incident-response.md) — Teaches threat detection and response workflows aligned with the NIST framework.
- [Security Operations Distinctions](https://awesome-repositories.com/f/security-cryptography/security/operations-and-incident-response/security-operations-distinctions.md) — Explains separating security operations from traditional IT by focusing on threat detection and risk mitigation. ([source](https://github.com/microsoft/Security-101/blob/main/4.1%20SecOps%20key%20concepts.md))
- [Single Sign-On](https://awesome-repositories.com/f/security-cryptography/single-sign-on.md) — Explains single sign-on as a method to reduce password fatigue and improve user experience. ([source](https://github.com/microsoft/Security-101/blob/main/2.3%20IAM%20capabilities.md))
- [Social Engineering Recognition Guides](https://awesome-repositories.com/f/security-cryptography/social-engineering-defenses/social-engineering-recognition-guides.md) — Teaches users to recognize social engineering tactics as part of security awareness training. ([source](https://github.com/microsoft/Security-101/blob/main/1.2%20Common%20cybersecurity%20threats.md))
- [SQL Injection Prevention](https://awesome-repositories.com/f/security-cryptography/sql-injection-prevention.md) — Covers best practices for preventing SQL injection through input validation and parameterized queries. ([source](https://github.com/microsoft/Security-101/blob/main/1.2%20Common%20cybersecurity%20threats.md))
- [Security Audits](https://awesome-repositories.com/f/security-cryptography/third-party-integrations/security-audits.md) — Teaches how to verify third-party security posture through audits and compliance checks before integration. ([source](https://github.com/microsoft/Security-101/blob/main/1.6%20Shared%20responsibility%20model.md))
- [Continuous Anomaly Monitoring](https://awesome-repositories.com/f/security-cryptography/threat-detection/anomaly-based-threat-identification/continuous-anomaly-monitoring.md) — Teaches continuous monitoring techniques for detecting anomalies and potential threats. ([source](https://github.com/microsoft/Security-101/blob/main/1.5%20Zero%20trust.md))
- [Insider](https://awesome-repositories.com/f/security-cryptography/threat-detection/insider.md) — Teaches how to monitor user behavior and access patterns to identify suspicious insider activities. ([source](https://github.com/microsoft/Security-101/blob/main/7.2%20Data%20security%20capabilities.md))
- [Traffic Filtering](https://awesome-repositories.com/f/security-cryptography/traffic-filtering.md) — Describes traffic filtering as a protective layer that blocks harmful requests before they reach applications. ([source](https://github.com/microsoft/Security-101/blob/main/5.2%20AppSec%20key%20capabilities.md))
- [Biometric Verification](https://awesome-repositories.com/f/security-cryptography/user-access-management/identity-verification/biometric-verification.md) — Teaches biometric identity verification as a concept within the identity and access management curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/2.3%20IAM%20capabilities.md))
- [Directory Service Authenticators](https://awesome-repositories.com/f/security-cryptography/user-authentication-systems/directory-service-authenticators.md) — Teaches directory service authentication as a concept within the identity and access management curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/2.3%20IAM%20capabilities.md))
- [Data Privacy Compliance](https://awesome-repositories.com/f/security-cryptography/user-privacy-protection/data-privacy-compliance.md) — Covers data protection and compliance as a core curriculum domain.
- [Web Application Firewalls](https://awesome-repositories.com/f/security-cryptography/web-application-firewalls.md) — Explains how web application firewalls inspect HTTP traffic to block common web attacks. ([source](https://github.com/microsoft/Security-101/blob/main/3.3%20Network%20security%20capabilities.md))

### Software Engineering & Architecture

- [Systematic Vulnerability Management](https://awesome-repositories.com/f/software-engineering-architecture/project-planning/risk-mitigation/vulnerability-prioritization/systematic-vulnerability-management.md) — Teaches the full lifecycle of identifying, assessing, prioritizing, mitigating, and monitoring vulnerabilities. ([source](https://github.com/microsoft/Security-101/blob/main/6.2%20Infrastructure%20security%20capabilities.md))
- [Agnostic Security Guidance](https://awesome-repositories.com/f/software-engineering-architecture/software-architecture/foundational-theory-and-guidance/agnostic-security-guidance.md) — Teaches core cybersecurity principles without tying content to specific products or platforms.
- [Code Review Practices](https://awesome-repositories.com/f/software-engineering-architecture/code-review-practices.md) — Teaches systematic code review practices for identifying security vulnerabilities and enforcing coding standards. ([source](https://github.com/microsoft/Security-101/blob/main/5.2%20AppSec%20key%20capabilities.md))
- [Integration Practices](https://awesome-repositories.com/f/software-engineering-architecture/secure-design-principles/integration-practices.md) — Teaches building security into software architecture and design from the start, not as an afterthought. ([source](https://github.com/microsoft/Security-101/blob/main/5.1%20AppSec%20key%20concepts.md))
- [Secure Development Lifecycles](https://awesome-repositories.com/f/software-engineering-architecture/secure-development-lifecycles.md) — Teaches weaving security practices into every phase of software development from requirements through deployment. ([source](https://github.com/microsoft/Security-101/blob/main/5.1%20AppSec%20key%20concepts.md))
- [Segregation of Duties Enforcements](https://awesome-repositories.com/f/software-engineering-architecture/software-architecture/foundational-theory-and-guidance/software-architecture-principles/coupling-dependency-management/inversion-of-control/segregation-of-duties-enforcements.md) — Teaches segregation of duties as a security control within the identity and access management curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/2.1%20IAM%20key%20concepts.md))

### System Administration & Monitoring

- [Centralized Logging Systems](https://awesome-repositories.com/f/system-administration-monitoring/centralized-logging-systems.md) — Explains aggregating logs from diverse sources into a central repository for analysis and incident response. ([source](https://github.com/microsoft/Security-101/blob/main/4.2%20SecOps%20zero%20trust%20architecture.md))
- [Automated Incident Response Workflows](https://awesome-repositories.com/f/system-administration-monitoring/incident-management/automated-incident-response-workflows.md) — Covers automated workflows triggered by suspicious activity to reduce manual incident response effort. ([source](https://github.com/microsoft/Security-101/blob/main/4.3%20SecOps%20capabilities.md))
- [Incident Response Workflows](https://awesome-repositories.com/f/system-administration-monitoring/incident-response-workflows.md) — Explains executing a continuous cycle of identifying, protecting, detecting, responding, and recovering from incidents. ([source](https://github.com/microsoft/Security-101/blob/main/4.1%20SecOps%20key%20concepts.md))

### Business & Productivity Software

- [Application Security Monitoring](https://awesome-repositories.com/f/business-productivity-software/real-time-monitoring/application-security-monitoring.md) — Teaches monitoring and responding to security threats as they occur during application execution. ([source](https://github.com/microsoft/Security-101/blob/main/5.2%20AppSec%20key%20capabilities.md))

### Data & Databases

- [Backup and Recovery](https://awesome-repositories.com/f/data-databases/backup-and-recovery.md) — Teaches backup and recovery strategies for data availability protection. ([source](https://github.com/microsoft/Security-101/blob/main/4.2%20SecOps%20zero%20trust%20architecture.md))
- [Data Lifecycle Management](https://awesome-repositories.com/f/data-databases/data-lifecycle-management.md) — Teaches data lifecycle policies for creating, storing, archiving, and disposing of data securely. ([source](https://github.com/microsoft/Security-101/blob/main/7.1%20Data%20security%20key%20concepts.md))

### Development Tools & Productivity

- [Dependency Patching Utilities](https://awesome-repositories.com/f/development-tools-productivity/dependency-patching-utilities.md) — Teaches updating third-party libraries with security fixes to close known vulnerabilities. ([source](https://github.com/microsoft/Security-101/blob/main/5.1%20AppSec%20key%20concepts.md))

### Testing & Quality Assurance

- [Static Code Analysis](https://awesome-repositories.com/f/testing-quality-assurance/static-code-analysis.md) — Teaches automated source code scanning to detect security flaws before application execution. ([source](https://github.com/microsoft/Security-101/blob/main/5.2%20AppSec%20key%20capabilities.md))
- [Input Validation](https://awesome-repositories.com/f/testing-quality-assurance/validation-verification/input-validation.md) — Teaches checking every user-supplied input against expected formats to block malicious code or data. ([source](https://github.com/microsoft/Security-101/blob/main/5.1%20AppSec%20key%20concepts.md))

### Web Development

- [Authenticity Verification](https://awesome-repositories.com/f/web-development/element-selectors/presence-verifiers/entity-presence-verification/authenticity-verification.md) — Teaches entity authenticity verification as a concept within the security curriculum. ([source](https://github.com/microsoft/Security-101/blob/main/1.1%20The%20CIA%20triad%20and%20other%20key%20concepts.md))