FallibleInc · abhishek-anand · Jul 2, 2025 · Jul 2, 2025 · Jul 2, 2025 · Jul 2, 2025
diff --git a/README.md b/README.md
@@ -15,42 +15,42 @@ Our detailed explanations should help the first type while we hope our checklist
 1. [The Security Checklist](security-checklist.md)
 2. [What can go wrong?](what-can-go-wrong.md)    
 3. [Securely transporting stuff: HTTPS explained](https.md)
-4. Authentication: I am who I say I am  
+4. [Authentication: I am who I say I am](authentication.md)  
 4.1 Form based authentication  
 4.2 Basic authentication  
 4.3 One is not enough, 2 factor, 3 factor, ....   
 4.4 Why use insecure text messages? Introducing HOTP & TOTP   
 4.5 Handling password resets
-5. Authorization: What am I allowed to do?  
+5. [Authorization: What am I allowed to do?](authorization.md)  
 5.1 Token based Authorization  
 5.2 OAuth & OAuth2  
 5.3 JWT
-6. Data Validation and Sanitation: Never trust user input  
+6. [Data Validation and Sanitization: Never trust user input](data-validation.md)  
 6.1 Validating and Sanitizing Inputs  
 6.2 Sanitizing Outputs  
 6.3 Cross Site Scripting  
 6.4 Injection Attacks  
 6.5 User uploads  
 6.6 Tamper-proof user inputs
-7. Plaintext != Encoding != Encryption != Hashing  
+7. [Cryptography: Encoding vs Encryption vs Hashing](cryptography.md)  
 7.1 Common encoding schemes  
 7.2 Encryption  
 7.3 Hashing & One way functions  
 7.4 Hashing speeds cheatsheet
-8. Passwords: dadada, 123456 and cute@123  
+8. [Passwords: dadada, 123456 and cute@123](passwords.md)  
 8.1 Password policies  
 8.2 Storing passwords  
 8.3 Life without passwords
-9. Public Key Cryptography
-10. Sessions: Remember me, please  
+9. [Public Key Cryptography](public-key-cryptography.md)
+10. [Sessions: Remember me, please](sessions.md)  
 10.1 Where to save state?  
 10.2 Invalidating sessions  
 10.3 Cookie monster & you
-11. Fixing security, one header at a time  
+11. [Security Headers: Fixing security, one header at a time](security-headers.md)  
 11.1 Secure web headers  
 11.2 Data integrity check for 3rd party code  
 11.3 Certificate Pinning
-12. Configuration mistakes    
+12. [Configuration Security: Secure infrastructure and deployment](configuration-security.md)    
 12.1 Provisioning in cloud: Ports, Shodan & AWS  
 12.2 Honey, you left the debug mode on  
 12.3 Logging (or not logging)  
@@ -60,19 +60,25 @@ Our detailed explanations should help the first type while we hope our checklist
 12.7 Storing project secrets and passwords in a file    
 12.8 DNS: Of subdomains and forgotten pet-projects  
 12.9 Patching & Updates  
-13. Attacks: When the bad guys arrive  
+13. [Attacks: When the bad guys arrive](attacks.md)  
 13.1 Clickjacking  
 13.2 Cross Site Request Forgery  
 13.3 Denial of Service  
 13.4 Server Side Request Forgery
 14. [Stats about vulnerabilities discovered in Internet Companies](vulnerabilities-stats.md)   
-15. On reinventing the wheel, and making it square  
+15. [On reinventing the wheel, and making it square: Security Libraries](security-libraries.md)  
 15.1 Security libraries and packages for Python  
 15.2 Security libraries and packages for Node/JS  
 15.3 Learning resources
-16. Maintaining a good security hygiene
-17. Security Vs Usability
-18. Back to Square 1: The Security Checklist explained
+16. [Maintaining a good security hygiene](security-hygiene.md)
+17. [AI & LLM Security: Securing AI-powered applications](ai-security.md)  
+17.1 Prompt injection attacks and defenses  
+17.2 Model security and integrity  
+17.3 Data privacy in AI systems  
+17.4 AI supply chain security  
+17.5 Responsible AI deployment
+18. [Security Vs Usability](security-usability.md)
+19. [Back to Square 1: The Security Checklist explained](security-checklist-explained.md)