The OWASP Top 10 for Large Language Model (LLM) Applications: An Overview (2024)
51m · Intermediate · 2024-03-27
Authors

Reet Kaur
Course details
Ever since the release of ChatGPT, it seems like everyone is talking about large language models (LLMs). With the rapid adoption of this exciting new technology, it's crucial for organizations to address the malicious threat actors who could exploit these emerging advancements and pose significant risks to your data and privacy.
This course covers the OWASP Top 10 for Large Language Models, which provides a list of the most dangerous risks of using this technology with practical strategies on how to prevent them. Join instructor Reet Kaur as she covers the ten most pressing, business-critical security vulnerabilities, including prompt injections, insecure output handling, training data poisoning, model denial of service, supply chain vulnerabilities, sensitive information disclosure, insecure plugin design, excessive agency, overreliance, and model theft.
Skills covered
Application Security, Natural Language Processing (NLP), Cybersecurity, Artificial Intelligence (AI), One-Off
Concepts
0. Introduction
- 01 - Introduction to OWASP Top 10 for LLMs
- 02 - What is the OWASP and top 10 list
1. OWASP Top 10 for LLMs
- 03 - LLM vulnerability 01 - Prompt injection: What is a prompt
- 04 - LLM vulnerability 01 - Injection attack
- 05 - LLM vulnerability 02 - Insecure output handling
- 06 - LLM vulnerability 03 - LLM build and deployment process
- 07 - LLM vulnerability 03 - Training data poisoning
- 08 - LLM vulnerability 04 - Model Denial of Service
- 09 - LLM vulnerability 05 - What is a supply chain vulnerability
- 10 - LLM vulnerability 05 - Supply chain vulnerability
- 11 - LLM vulnerability 06 - Sensitive information disclosure
- 12 - LLM vulnerability 07 - Insecure plugin design
- 13 - LLM vulnerability 08 - Excessive agency
- 14 - LLM vulnerability 09 - Over reliance
- 15 - LLM vulnerability 10 - Model theft
Conclusion
- 16 - Further reading and the next steps