### Network Segmentation Example Structure

Source: https://github.com/microsoft/security-101/blob/main/_autodocs/NETWORKING_SECURITY.md

Illustrates a typical network segmentation structure using firewalls to isolate different zones.

```text
Internet → Perimeter Firewall → DMZ (public services) → Internal Firewall → User Network → Data Network → Admin Network
```

--------------------------------

### Allowlist Example for Countries

Source: https://github.com/microsoft/security-101/blob/main/_autodocs/APPLICATION_SECURITY.md

This example demonstrates an allowlist approach for validating country codes. It accepts only predefined values to ensure data integrity.

```plaintext
Allowed countries: ["US", "CA", "MX", "UK", "DE"]
Accept only values in this list
```

--------------------------------

### Add New Lesson to Security 101 Project

Source: https://github.com/microsoft/security-101/blob/main/AGENTS.md

Follow these steps to add a new lesson. This involves creating a Markdown file, adding content, updating README and module tables, and committing changes.

```bash
# 1. Create new Markdown file with proper naming
touch "[Module].[Lesson] [Title].md"

# 2. Add content following template structure
# 3. Update README.md module table with new entry
# 4. Add entry to module overview table
# 5. Ensure quiz file numbering is correct

# 6. Commit changes
git add "[Module].[Lesson] [Title].md" README.md
git commit -m "Add: [Module].[Lesson] - [Title]"
git push
```

--------------------------------

### Blocklist Example for Malicious Strings

Source: https://github.com/microsoft/security-101/blob/main/_autodocs/APPLICATION_SECURITY.md

This example shows a blocklist approach to reject known malicious strings. It is less secure than an allowlist and should be used with caution.
```plaintext
Reject values containing: " OR ", "--", "/*", "*/", ";", "DROP"
```

--------------------------------

### Clone Security 101 Repository

Source: https://github.com/microsoft/security-101/blob/main/AGENTS.md

Use this command to clone the project repository. Navigate into the directory and serve the content locally.

```bash
# Clone the repository
git clone https://github.com/microsoft/Security-101.git
cd Security-101

# View content locally - any Markdown viewer works
# OR serve with a simple HTTP server to use Docsify rendering
python -m http.server 8000
# Then visit http://localhost:8000 in your browser
```

--------------------------------

### Serve Security 101 Content Locally

Source: https://github.com/microsoft/security-101/blob/main/AGENTS.md

Options for serving the project content locally for preview. Choose between Python's built-in server or Node.js http-server.

```bash
# Option 1: Use Python's built-in HTTP server
python -m http.server 8000
```

```bash
# Option 2: Use Node.js http-server (if available)
npx http-server -p 8000
```

```bash
# Option 3: View Markdown files directly in any Markdown editor
```

--------------------------------

### HTML Output Encoding Example

Source: https://github.com/microsoft/security-101/blob/main/_autodocs/APPLICATION_SECURITY.md

Illustrates encoding special characters for HTML context to prevent Cross-Site Scripting (XSS) attacks. For example, '<' is converted to '&lt;'.

```plaintext
< becomes &lt;
```

--------------------------------

### Adversarial Attack Examples

Source: https://github.com/microsoft/security-101/blob/main/_autodocs/AI_SECURITY.md

Provides examples of adversarial attacks across different AI applications, including facial recognition, email classification, and autonomous vehicles. These attacks involve subtle input modifications to cause mispredictions.
```text
Facial Recognition:
- Adding subtle changes to face to fool recognition
- Could bypass biometric authentication

Email Classification:
- Adding benign text to malicious email
- Makes classifier think email is legitimate

Autonomous Vehicle:
- Physical alterations to stop sign
- Vehicle interprets as speed limit sign
```

--------------------------------

### Preview Content Locally with Node.js http-server

Source: https://github.com/microsoft/security-101/blob/main/translations/en/AGENTS.md

Alternatively, use Node.js's http-server to preview the project's content locally. Ensure Node.js and npm are installed.

```bash
npx http-server -p 8000
```

--------------------------------

### Serve Documentation Locally with Python HTTP Server

Source: https://github.com/microsoft/security-101/blob/main/AGENTS.md

Serve the documentation locally to test rendering and links using Python's built-in HTTP server. Visit http://localhost:8000 in your browser to preview changes.

```bash
# Serve locally to test Docsify rendering
python -m http.server 8000

# Visit http://localhost:8000
# Click through navigation to verify all links work
# Check that images load properly
# Verify Markdown formatting renders correctly
```
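
--------------------------------

### Allowlist vs. Blocklist Validation Compared (added example)

This added example is not part of the Security 101 repository. It runs the country allowlist and the malicious-string blocklist from the sections above over the same inputs, to show why the blocklist is the weaker control: it accepts anything it does not recognise and rejects benign text that happens to contain a listed token. The function names, the normalization step and the sample inputs are assumptions made for illustration.

```python
"""Added example: allowlist vs. blocklist validation of a country field."""

# Values copied from the page's allowlist and blocklist snippets.
ALLOWED_COUNTRIES = frozenset({"US", "CA", "MX", "UK", "DE"})
BLOCKED_SUBSTRINGS = (" OR ", "--", "/*", "*/", ";", "DROP")


def validate_country_allowlist(value):
    """Return the canonical code if value is an allowed country, else None."""
    if not isinstance(value, str):
        return None
    # Assumption: case and surrounding whitespace are not significant.
    code = value.strip().upper()
    return code if code in ALLOWED_COUNTRIES else None


def passes_blocklist(value):
    """Return True when value contains none of the blocked substrings."""
    if not isinstance(value, str):
        return False
    upper = value.upper()  # case-insensitive match against the listed tokens
    return not any(token in upper for token in BLOCKED_SUBSTRINGS)


def compare(samples):
    """Return (value, allowlist_accepts, blocklist_accepts) for each sample."""
    return [(s, validate_country_allowlist(s) is not None, passes_blocklist(s))
            for s in samples]


# Constructed sample inputs (not from the page).
SAMPLES = [
    "US",            # valid code
    " de ",          # valid once normalized
    "ZZ",            # unsupported value that contains no blocked token
    "Atlantis",      # free text, also free of blocked tokens
    "Dropbox Inc.",  # benign text that happens to contain "DROP"
    "",              # empty string
    None,            # wrong type
]

if __name__ == "__main__":
    print(f"{'value':<16}{'allowlist':<12}{'blocklist'}")
    for value, allow_ok, block_ok in compare(SAMPLES):
        print(f"{value!r:<16}{str(allow_ok):<12}{block_ok}")
```

The rows where the two columns disagree are the ones to look at: the blocklist lets "ZZ", "Atlantis" and the empty string through, while the allowlist accepts only the five listed codes.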