⚔️AI Security Arena

Security Fundamentals

Build a solid foundation in cybersecurity with structured course modules

8 modules · ~260 min total

#1 · beginner · ~20 min

CIA Triad

Understand the three core pillars of information security: Confidentiality, Integrity, and Availability. These principles form the foundation for all security decisions.

Topics

  • Confidentiality: protecting data from unauthorized access
  • Integrity: ensuring data accuracy and trustworthiness
  • Availability: maintaining reliable access to resources
  • +3 more topics

Key Takeaways

  • Every security decision involves trade-offs between CIA properties
  • Different systems prioritize different pillars (e.g., banking = integrity, healthcare = confidentiality)
  • Availability attacks (DoS) are often the easiest to execute but hardest to prevent

#2 · beginner · ~30 min

Authentication & Authorization

Learn the difference between proving identity (authentication) and granting permissions (authorization). Explore modern auth patterns and common vulnerabilities.

Topics

  • Authentication factors: knowledge, possession, biometrics
  • Multi-factor authentication (MFA) strategies
  • OAuth 2.0 and OpenID Connect flows
  • +3 more topics

Key Takeaways

  • Authentication answers 'who are you?' while authorization answers 'what can you do?'
  • MFA significantly reduces account compromise risk
  • Token-based auth (JWT) enables stateless authentication but requires careful implementation

#3 · intermediate · ~35 min

Cryptography Basics

Survey fundamental cryptographic concepts including symmetric/asymmetric encryption, hashing, and digital signatures. Understand when and how to apply each.

Requires: cia-triad

Topics

  • Symmetric encryption: AES, ChaCha20
  • Asymmetric encryption: RSA, ECC, key exchange
  • Hash functions: SHA-256; bcrypt and Argon2 for passwords
  • +3 more topics

Key Takeaways

  • Never roll your own crypto -- use established libraries and algorithms
  • Symmetric encryption is fast but requires shared secrets; asymmetric solves key distribution
  • Hashing is one-way; encryption is two-way -- choose the right tool for the job

#4 · intermediate · ~30 min

Network Security

Explore network defense strategies from firewalls to intrusion detection systems. Learn how to secure network infrastructure and monitor for threats.

Requires: cia-triad

Topics

  • Network segmentation and VLANs
  • Firewall types: stateless, stateful, next-gen (NGFW)
  • Intrusion Detection/Prevention Systems (IDS/IPS)
  • +3 more topics

Key Takeaways

  • Defense in depth: no single network control is sufficient
  • Zero trust assumes breach and verifies every request regardless of network location
  • Network monitoring is essential for detecting lateral movement and data exfiltration

#5 · intermediate · ~40 min

Web Security

Dive into the OWASP Top 10 and common web application vulnerabilities. Learn to identify and mitigate injection attacks, XSS, CSRF, and more.

Requires: authn-authz

Topics

  • OWASP Top 10 overview (latest edition)
  • SQL Injection and parameterized queries
  • Cross-Site Scripting (XSS): reflected, stored, DOM-based
  • +3 more topics

Key Takeaways

  • Input validation and output encoding are the two most important web security controls
  • The OWASP Top 10 shifts over time -- broken access control is now #1
  • Security headers provide an additional defense layer with minimal implementation cost

#6 · intermediate · ~35 min

Incident Response

Learn the incident response lifecycle: preparation, detection, containment, eradication, recovery, and lessons learned. Build effective IR playbooks.

Requires: cia-triad, network-security

Topics

  • IR lifecycle phases (NIST SP 800-61)
  • Preparation: IR plans, teams, and communication channels
  • Detection and analysis: SIEM, log correlation, IOC identification
  • +3 more topics

Key Takeaways

  • Preparation is the most important IR phase -- you cannot improvise a response during a breach
  • Document everything during an incident for legal and improvement purposes
  • Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR) are critical IR metrics

#7 · advanced · ~30 min

Risk Management

Understand how to identify, assess, and prioritize security risks. Learn frameworks for making informed decisions about security investments.

Requires: cia-triad, incident-response

Topics

  • Risk = Likelihood x Impact
  • Qualitative vs quantitative risk assessment
  • Risk treatment options: mitigate, transfer, accept, avoid
  • +3 more topics

Key Takeaways

  • Not all risks need to be eliminated -- some should be accepted or transferred
  • Threat modeling should happen early in the development lifecycle
  • Risk management is a continuous process, not a one-time assessment

#8 · advanced · ~40 min

Security Frameworks

Survey major security frameworks and standards: NIST CSF, ISO 27001, SOC 2, CIS Controls, and NIS2. Understand compliance requirements and implementation strategies.

Requires: risk-management

Topics

  • NIST Cybersecurity Framework (CSF) 2.0 core functions
  • ISO 27001: ISMS requirements and certification
  • SOC 2 Type I vs Type II audits
  • +3 more topics

Key Takeaways

  • Frameworks provide structure but must be adapted to your organization's context
  • Compliance does not equal security -- frameworks are a baseline, not a ceiling
  • NIS2 significantly expands scope of EU cybersecurity requirements for essential entities