Course Outline

62 episodes across 12 modules — from first principles to production deployment.

Module 1 — Foundations (5 eps)

What Is a Threat Model? — Why “we’ll add security later” is the most expensive sentence in software.

The STRIDE Framework — Six categories of threat, each demonstrated through legal tech scenarios.

Attack Surfaces in Legal Tech — Your users handle confidential information belonging to adversarial parties. That changes everything.

Defence in Depth — The medieval castle model applied to SaaS architecture.

The CIA Triad Meets Legal Privilege — Confidentiality, integrity, and availability reframed for privileged documents.

Module 2 — How the Web Works (1 ep)

How Web Apps Actually Work — HTTP, DNS, cookies, and the request lifecycle — the plumbing you need to understand before you can secure it.

Module 3 — Application Security (6 eps)

Input Validation and Sanitisation — Never trust anything that crosses a boundary. Not user input, not API responses, not uploaded files.

SQL Injection and ORM Safety — The attack that’s been around for 25 years and still works.

Cross-Site Scripting (XSS) — When your own page runs someone else’s code.

File Upload Security — A DOCX is a ZIP is an attack vector. Legal tech lives on uploaded documents.

Webhook Security and SSRF — When your server makes requests on behalf of an attacker.

Browser Security Headers — Five HTTP headers that prevent entire categories of attack.

Module 4 — Transport & Network Security (3 eps)

TLS and HTTPS from Scratch — What actually happens during a TLS handshake, and why it matters for legal data in transit.

API Gateway Patterns and Rate Limiting — The front door to your system and how to control who gets through.

Service-to-Service Authentication — Your microservices trust each other by default. That’s the problem.

Module 5 — Authentication (7 eps)

Email Security for SaaS — SPF, DKIM, DMARC — why your transactional emails land in spam and how phishing exploits the gap.

Password Hashing Done Right — bcrypt, scrypt, Argon2 — and why MD5 is not a password hash.

JWT Anatomy and Pitfalls — The token everyone uses and almost nobody validates correctly.

Session Management — Cookies, token rotation, and what happens when a lawyer leaves their laptop open at a café.

OAuth 2.0 and OpenID Connect — Delegated authentication without handing over the keys.

Multi-Factor Authentication — Something you know, something you have, something that annoys your users.

SSO, SAML and Enterprise Identity — The price of admission to enterprise legal departments.

Module 6 — Authorization & Access Control (5 eps)

RBAC — Roles, Permissions and Scopes — The simplest access model that actually works for most legal tools.

ABAC and Policy Engines — When roles aren’t enough and access depends on context.

Ethical Walls and Matter-Scoped Access — Conflicts of interest enforced in code, not just policy memos.

Zero Trust Architecture — Verify every request. Trust no network. Assume breach.

Multi-Tenant Data Isolation — Firm A must never see Firm B’s documents. Sounds obvious until you check the WHERE clause.

Module 7 — Data Protection & Encryption (5 eps)

Encryption at Rest vs. in Transit — Two different problems with two different solutions. Most people confuse them.

Key Management and Rotation — Encryption is easy. Managing the keys is where everyone fails.

Secrets Management — Your API keys are in a .env file committed to git. Let’s fix that.

PII Handling and Anonymisation — Personal data has legal gravity. Minimise what you collect, protect what you keep.

Database Security Hardening — Default credentials, open ports, and the backup nobody encrypted.

Module 8 — AI-Specific Security (8 eps)

Prompt Injection Attacks — Your LLM will follow instructions hidden in a contract. Here’s how to stop it.

RAG Poisoning and Document Trust Tiers — When the retrieval corpus itself becomes the attack vector.

Embedding Security and Vector Database Isolation — Semantic search across tenants is a data breach with extra steps.

Model Inversion and Membership Inference — What an attacker can learn from your model’s outputs about its training data.

Governed Writes and Human-in-the-Loop — The AI drafts. A human approves. The audit trail proves it.

LLM API Key Isolation and Inference Gateways — One leaked key should not expose every tenant’s data to every model.

Redaction Pipelines for Cloud AI — Strip privileged content before it leaves your infrastructure.

Local vs. Cloud AI — Security Boundaries — The trade-offs between keeping data on-premise and using frontier models.

Module 9 — Audit, Logging & Provenance (4 eps)

Audit Log Design — If it’s not in the log, it didn’t happen. Design for the regulator, not the developer.

Hash-Chained Immutable Logs — Tamper-evident audit trails that prove nobody rewrote history.

Provenance Chains for AI Outputs — Tracing every AI-generated clause back to the prompt, model, and human who approved it.

Correlation IDs and Distributed Tracing — Following a single request across ten services without losing your mind.

Module 10 — Infrastructure & Deployment (8 eps)

Docker Security and Container Hardening — Containers are not VMs. Running as root inside one is running as root outside one.

CI/CD Pipeline Security — Your deployment pipeline has more access than any developer. Treat it accordingly.

Supply Chain Security — Dependencies, SBOM, and build provenance — because you didn’t write 97% of your code.

Environment Configuration and Secure Defaults — Production should be locked down by default, not opened up by accident.

Cloud IAM and Least Privilege — Every service gets exactly the permissions it needs and not one more.

Developer Workstation Security — The weakest link is usually the laptop with production credentials cached in a shell history.

Trusting the AI Developer — Verifying agent-generated code before it reaches production.

Day Zero — Bootstrapping security for a new project — what to do in the first 48 hours.

Module 11 — Monitoring & Incident Response (6 eps)

Monitoring and Alerting Design — You can’t secure what you can’t see. Observability as a security primitive.

Incident Response Playbooks — The 3am breach call. Who does what, in what order, with what authority.

Disaster Recovery and Business Continuity — Backups are not a recovery plan. Test the restore, not the backup.

Security Testing in Your Development Process — Shifting left without slowing down — SAST, DAST, and dependency scanning in CI.

Access Reviews and Least Privilege Audits — Permissions accumulate. Quarterly reviews are cheaper than quarterly breaches.

Insider Threats and Employee Access — The hardest threat to model is the one with legitimate credentials.

Module 12 — Compliance & Governance (4 eps)

GDPR, PDPA and Data Protection Compliance — The regulations that turn data handling mistakes into seven-figure fines.

SOC 2, Penetration Testing and Security Certification — What the audit actually checks and how to pass it without a last-minute scramble.

Customer Trust and Security Reviews — The 200-question security questionnaire from your biggest prospect. Be ready.

Security Roadmapping — From here to production — prioritising what to build first when you can’t do everything at once.