Add learning objectives and extend curriculum

2.Curriculum/01.Security Architecture and Threat Modelling/01.00 - Objectives.md

@@ -1,5 +1,16 @@
 # Objectives for Module 1 - Security Architecture and Threat Modelling
 
+## Learning Objectives
+
+After completing this module, developers will be able to:
+
+- Understand and apply threat modelling methodologies to identify security risks
+- Interpret data flows and trust boundaries to secure application interfaces
+- Apply Secure by Design principles across different architecture layers
+- Translate threat model outputs into actionable secure development requirements
+
+---
+
 ## Knowledge
 The student will need knowledge of the following topics for Module 1:\
 What is security architecture\

2.Curriculum/02.Authentication and Credential Management/02.00 - Objectives.md

@@ -1,5 +1,16 @@
 # Objectives for Module 2 - Authentication and Credential Management
 
+## Learning Objectives
+
+After completing this module, developers will be able to:
+
+- Implement secure authentication mechanisms including SSO, MFA, and OpenID
+- Apply proper credential lifecycle management practices
+- Implement secure session management with appropriate cookie attributes
+- Securely handle JWT tokens with proper validation and security controls
+
+---
+
 ## Knowledge
 
 The student will need knowledge of the following topics for Module 1:\

2.Curriculum/03.Authorisation/03.00 - Objectives.md

@@ -1,5 +1,16 @@
 # Objectives for Module 3 - Authorisation
 
+## Learning Objectives
+
+After completing this module, developers will be able to:
+
+- Implement access control models including RBAC and ABAC
+- Apply principles of least privilege, deny by default, and segregation of duties
+- Prevent horizontal and vertical privilege escalation vulnerabilities
+- Implement object-level and function-level access control (OLAC and FLAC)
+
+---
+
 ## Knowledge
 
 

2.Curriculum/04.Input Validation and Output Encoding/04.00 - Objectives.md

@@ -1,5 +1,16 @@
 # Objectives for Module 4 - Input Validation and Output Encoding
 
+## Learning Objectives
+
+After completing this module, developers will be able to:
+
+- Implement comprehensive input validation strategies for various data types
+- Apply appropriate encoding and escaping techniques to prevent injection attacks
+- Distinguish between client-side and server-side validation requirements
+- Prevent common vulnerabilities including SQL injection, XSS, and command injection
+
+---
+
 ## Knowledge
 
 

2.Curriculum/05.Cryptography and Key Management/05.00 - Objectives.md

@@ -1,5 +1,16 @@
 # Objectives for Module 5 - Cryptography and Key Management
 
+## Learning Objectives
+
+After completing this module, developers will be able to:
+
+- Apply cryptographic solutions appropriately for confidentiality, integrity, and authenticity
+- Select secure cipher suites and algorithms while avoiding deprecated options
+- Implement proper key management including generation, storage, rotation, and deletion
+- Recognize and defend against common cryptographic attacks
+
+---
+
 ## Knowledge
 
 

2.Curriculum/06.Error Handling/06.00 - Objectives.md

@@ -1,5 +1,16 @@
 # Objectives for Module 6 - Error Handling
 
+## Learning Objectives
+
+After completing this module, developers will be able to:
+
+- Implement secure exception handling patterns that prevent information disclosure
+- Design fail-secure systems that maintain security during error conditions
+- Configure appropriate error logging without exposing sensitive data
+- Apply framework-specific error handling best practices
+
+---
+
 ## Knowledge
 
 

2.Curriculum/06.Error Handling/06.01 - Error Handling.md

@@ -1,12 +1,147 @@
 # Module 6. Error Handling
 
-6.1 The importance of error handling for applications
+## 6.1 The Importance of Error Handling for Applications
 
-6.2 Reasons why stack traces should not be displayed 
+### Security Implications
 
-6.3 The various ways in which errors can be handled
+- Error handling as a security control
+- Information disclosure through errors
+- Attack surface reduction through proper error handling
+- Error handling in defense-in-depth strategy
 
-6.4 Error logging
-- Error data that should be logged
-- Error data that should be sanitised before being logged
+### Business Impact
 
+- User experience considerations
+- System reliability and availability
+- Audit and compliance requirements
+
+---
+
+## 6.2 Secure Exception Handling Patterns
+
+### Exception Handling Best Practices
+
+- Catch specific exceptions rather than generic ones
+- Handle exceptions at appropriate layers
+- Avoid empty catch blocks
+- Clean up resources in finally blocks or using patterns
+
+### Exception Propagation
+
+- When to catch vs. propagate exceptions
+- Exception wrapping and chaining
+- Custom exception classes for security events
+
+---
+
+## 6.3 Error Message Sanitization
+
+### Reasons Why Stack Traces Should Not Be Displayed
+
+- Reveals internal application structure
+- Exposes file paths and line numbers
+- May disclose database schema or queries
+- Aids attackers in reconnaissance
+
+### Safe Error Messages
+
+- Generic user-facing error messages
+- Error codes for support reference
+- Separate detailed logging for developers
+- Localization of error messages
+
+---
+
+## 6.4 Fail-Secure vs Fail-Open Design
+
+### Fail-Secure Principles
+
+- Deny access when errors occur
+- Default to restrictive state
+- Maintain security invariants during failures
+
+### Implementation Strategies
+
+- Authorization defaults on error
+- Session handling during exceptions
+- Transaction rollback on security errors
+- Circuit breaker patterns
+
+---
+
+## 6.5 Global Error Handlers
+
+### Centralized Error Handling
+
+- Application-level exception handlers
+- Middleware for error processing
+- Consistent error response formatting
+- Error classification and routing
+
+### Framework-Specific Implementations
+
+- Web application error pages
+- API error response standards
+- Microservices error propagation
+- Event-driven error handling
+
+---
+
+## 6.6 Error Logging Without Sensitive Data Exposure
+
+### Error Data That Should Be Logged
+
+- Timestamp and request ID
+- Error type and code
+- User identifier (if authenticated)
+- Request context (sanitized)
+- Stack traces (in secure logs only)
+
+### Error Data That Should Be Sanitized Before Being Logged
+
+- Passwords and credentials
+- Session tokens
+- Personal identifiable information
+- Credit card numbers
+- API keys and secrets
+
+---
+
+## 6.7 Framework-Specific Error Handling
+
+### Web Frameworks
+
+- Custom error pages configuration
+- Exception filters and middleware
+- Content negotiation for error responses
+- CORS considerations for errors
+
+### API Frameworks
+
+- Consistent error schema
+- HTTP status code selection
+- Rate limit error handling
+
+---
+
+## 6.8 Production vs Development Error Modes
+
+### Development Mode
+
+- Detailed error messages enabled
+- Stack traces visible
+- Debug information available
+- Hot reload and development tools
+
+### Production Mode
+
+- Generic error messages
+- No stack traces to users
+- Structured logging to secure systems
+- Performance-optimized error handling
+
+### Configuration Management
+
+- Environment-based configuration
+- Secure defaults
+- Detection of misconfiguration

2.Curriculum/07.Secure Logging/07.00 - Objectives.md

@@ -1,5 +1,16 @@
 # Objectives for Module 7 - Secure Logging
 
+## Learning Objectives
+
+After completing this module, developers will be able to:
+
+- Implement comprehensive logging for security-relevant events
+- Prevent log injection attacks and protect log integrity
+- Design centralized logging architectures with proper retention policies
+- Apply structured logging formats with correlation IDs for distributed systems
+
+---
+
 ## Knowledge