
OWASP Top 10 for Large Language Models


Christopher Nett

1:53:20

  • 1. Welcome.mp4
    00:52
  • Files.zip
  • 1. What is an LLM.mp4
    02:39
  • 2. What is a Prompt.mp4
    03:41
  • 3. Architecture of an LLM.mp4
    03:27
  • 1. What is OWASP.mp4
    01:13
  • 2. OWASP Top 10 - Web Application Security Risks.mp4
    04:38
  • 3. OWASP Top 10 - API Security Risks.mp4
    07:27
  • 4. OWASP Top 10 - LLM Security Risks.mp4
    06:00
  • 1. Prompt Injection.mp4
    03:30
  • 2. Countermeasures.mp4
    01:54
  • 3.1 Portswigger Register.html
  • 3. Lab Setup.mp4
    01:18
  • 4.1 Lab - Indirect Prompt Injection.html
  • 4. Demo.mp4
    14:34
  • 1. Insecure Handling Output.mp4
    02:28
  • 2. Countermeasures.mp4
    01:15
  • 3.1 Lab - Exploiting Insecure Output Handling.html
  • 3. Demo.mp4
    11:40
  • 1. Training Data Poisoning.mp4
    03:08
  • 2. Countermeasures.mp4
    01:14
  • 1. Model Denial of Service.mp4
    03:27
  • 2. Countermeasures.mp4
    01:11
  • 1. Supply Chain Vulnerabilities.mp4
    02:28
  • 2. Countermeasures.mp4
    01:46
  • 3.1 Lab - Exploiting Vulnerabilities in LLMs.html
  • 3. Demo.mp4
    08:32
  • 1. Sensitive Information Disclosure.mp4
    04:18
  • 2. Countermeasures.mp4
    00:48
  • 1. Insecure Plugin Design.mp4
    02:29
  • 2. Countermeasures.mp4
    02:23
  • 1. Excessive Agency.mp4
    02:10
  • 2. Countermeasures.mp4
    01:20
  • 3.1 Lab - Exploiting LLMs with Excessive Agency.html
  • 3. Demo.mp4
    03:24
  • 1. Overreliance.mp4
    03:08
  • 2. Countermeasures.mp4
    01:05
  • 1. Model Theft.mp4
    01:29
  • 2. Countermeasures.mp4
    01:26
  • 1.1 Christopher Nett.html
  • 1. Bonus.mp4
    00:58
  • Description


    Learn the OWASP Top 10 for LLMs | Gain knowledge on AI Security | Hacking generative AI | Including 4 Hands-on Demos

    What You'll Learn?


    • Learn the OWASP Top 10 for LLMs
    • Explore the foundational principles of the Open Web Application Security Project.
    • Understand the core architecture, functionality, and risks associated with Large Language Models.
    • Learn to identify and mitigate vulnerabilities from malicious inputs that can alter LLM behavior.
    • Ensure safe handling and rendering of LLM outputs to prevent unintended data leaks.
    • Prevent and respond to attacks aiming to corrupt the data used to train LLMs.
    • Tackle threats that aim to overload or disrupt LLM services, ensuring availability.
    • Address risks introduced through third-party services and dependencies.
    • Prevent unintended exposure of sensitive data through LLM interactions.
    • Securely design and implement plugins or extensions.
    • Manage and limit the autonomous decision-making capabilities of LLMs.
    • Educate on the risks and limitations of over-dependence on LLMs.
    • Protect LLM intellectual property from unauthorized access and duplication.

    Who is this for?


  • SOC Analyst
  • Security Engineer
  • Security Consultant
  • Security Architect
  • Security Manager
  • CISO
  • Red Team
  • Blue Team
  • Cybersecurity Professional
  • Ethical Hacker
  • Penetration Tester
  • Incident Handler
  • Prompt Engineer
  • AI Security Consultant
    What You Need to Know?


  • Willingness to learn cool stuff!
  • Basic IT Knowledge


    Description

    OWASP Top 10 for LLMs by Christopher Nett is a meticulously organized Udemy course designed for IT professionals aiming to master the OWASP Top 10 for LLMs to build, protect and exploit Large Language Models. This course systematically guides you from the basics to advanced concepts of the OWASP Top 10 for LLMs.

    By mastering the OWASP Top 10 for LLMs, you're developing expertise in essential topics in today's cybersecurity landscape. Through this course, you'll develop expertise in attacking and securing LLMs, a comprehensive and complex topic widely recognized in the industry.

    This deep dive into the OWASP Top 10 for LLMs equips you with the skills necessary for a cutting-edge career in cybersecurity.

    Key Benefits for you:

    OWASP Basics: Explore the foundational principles of the Open Web Application Security Project.

    LLMs Basics: Understand the core architecture, functionality, and risks associated with Large Language Models.

    LLM01 - Prompt Injection: Learn to identify and mitigate vulnerabilities from malicious inputs that can alter LLM behavior.

    LLM02 - Insecure Output Handling: Ensure safe handling and rendering of LLM outputs to prevent unintended data leaks.

    LLM03 - Training Data Poisoning: Prevent and respond to attacks aiming to corrupt the data used to train LLMs.

    LLM04 - Model Denial of Service: Tackle threats that aim to overload or disrupt LLM services, ensuring availability.

    LLM05 - Supply Chain Vulnerabilities: Address risks introduced through third-party services and dependencies.

    LLM06 - Sensitive Information Disclosure: Prevent unintended exposure of sensitive data through LLM interactions.

    LLM07 - Insecure Plugin Design: Securely design and implement plugins or extensions.

    LLM08 - Excessive Agency: Manage and limit the autonomous decision-making capabilities of LLMs.

    LLM09 - Overreliance: Educate on the risks and limitations of over-dependence on LLMs.

    LLM10 - Model Theft: Protect LLM intellectual property from unauthorized access and duplication.


    IMPORTANT: This course does not come with a demo for all 10 OWASP risks since it is not feasible to effectively create a demo for risks such as LLM04 - Denial of Service or LLM10 - Model Theft.

    The following risks have a demo included in their respective section:

    LLM01 - Prompt Injection

    LLM02 - Insecure Output Handling

    LLM05 - Supply Chain Vulnerabilities

    LLM08 - Excessive Agency

    Christopher Nett
    Christopher is a security cloud solutions architect at Microsoft. Christopher has over 9 years of experience in cyber security, where he has advised some of the largest enterprises in the world on multi-million dollar projects.

    Education:
    ★ MSc. Applied IT Security
    ★ MBA
    ★ BSc. Computer Science for Business

    Certifications:
    ★ CISSP: Certified Information Systems Security Professional
    ★ CCSP: Certified Cloud Security Professional
    ★ CEH: Certified Ethical Hacker
    ★ AZ-104: Azure Administrator Associate
    ★ AZ-500: Azure Security Engineer Associate
    ★ AZ-700: Azure Network Engineer Associate
    ★ SC-100: Cybersecurity Architect Expert
    ★ SC-200: Security Operations Analyst Associate
    ★ SC-300: Identity and Access Administrator Associate
    ★ KCNA: Kubernetes and Cloud Native Associate
    ★ CKAD: Certified Kubernetes Application Developer
    ★ CKA: Certified Kubernetes Administrator
    ★ ATT&CK® Security Operations Center Assessment Certification
    ★ ATT&CK Purple Teaming Methodology Certification
    ★ ATT&CK® Adversary Emulation Methodology Certification
    ★ ATT&CK® Cyber Threat Intelligence Certification
    ★ HashiCorp Certified: Terraform Associate (002)
    ★ Professional Scrum Master I
    ★ Professional Scrum Product Owner I
    ★ AWS Certified Security – Specialty
    ★ AWS Certified Solutions Architect – Associate
    ★ CCSK - Certificate of Cloud Security Knowledge
    Students take courses primarily to improve job-related skills. Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.
    • language english
    • Training sessions 34
    • duration 1:53:20
    • Release Date 2024/07/22