LLM Security: Workshop for LLM Applications – mgm security partners
Since the boom of OpenAI's ChatGPT, Large Language Models (LLMs) have become widespread in the development of modern software solutions. However, the integration of LLMs into procedures, processes and web-based applications brings new security risks and a new dimension of complexity. To avoid attacks and data leaks, it is particularly important to consider security during the design phase.

The aim of this workshop is to show participants the security risks involved in using these technologies and to teach effective security approaches and countermeasures.

In this workshop we draw on the current guidelines from OWASP (Top 10 for LLM Applications) and MITRE (ATLAS). Our approach follows the structure and integration of an LLM through the following phases:

  • First, the structure of the LLM infrastructure is examined. This includes the correct selection of the model format, consideration of the hosting platform or the secure integration of an LLM API. The structure of the knowledge databases, such as a RAG vector store, is also considered. The focus is on the secure handling of internal and, above all, sensitive data. Relevant risks include prompt injection (OWASP module LLM01) and training data poisoning (LLM03).
  • Furthermore, the system architecture is checked. Consideration of the system architecture includes the secure integration of the LLM components into the application landscape and security at the infrastructure level. This also includes the correct connection to logging and monitoring systems, authentication and authorization services, as well as to third-party systems, e.g. for hosting plugins. Relevant risks include supply chain vulnerabilities (LLM05) and insecure plugin design (LLM07).
  • In addition, the security of operating the application is examined. The following questions are clarified: Have I taken appropriate steps against prompt injection? Am I integrating my functions and plugins securely? And am I adequately protecting myself against attacks “from within”? Relevant risks at this point include prompt injection (LLM01), insecure output handling (LLM02) and sensitive information disclosure (LLM06).
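The last two phases above repeatedly come back to one principle: whatever the model returns is untrusted input, whether it is free text shown to a user (insecure output handling, LLM02) or a structured request to call one of the application's own functions (insecure plugin design, LLM07). The following Python gatekeeper is an added example and is not part of mgm's workshop material; the two tools it exposes ("lookup_order", "read_doc"), their argument schemas, the permission names and every sample model reply are constructed for illustration.

```python
"""Added example (not from the workshop page): a gatekeeper that treats LLM output
as untrusted before it reaches application functions or a web page.

Assumptions (all constructed): the model is instructed to answer with a JSON object
{"tool": ..., "args": {...}}; the application exposes two hypothetical tools,
"lookup_order" and "read_doc"; permissions come from the user's session.
"""
import html
import json
import re
from pathlib import PurePosixPath

# Allowlisted tools with a strict argument schema. Unknown tools, extra keys or
# wrong types are rejected outright rather than "repaired", so the model cannot
# steer the application into a function it never exposed.
TOOL_SCHEMAS = {
    "lookup_order": {"order_id": re.compile(r"^[0-9]{6,10}$")},
    "read_doc": {"name": re.compile(r"^[A-Za-z0-9_-]{1,64}\.md$")},
}

# Least privilege: every tool is bound to a permission the calling user must hold.
TOOL_PERMISSION = {"lookup_order": "orders:read", "read_doc": "docs:read"}

# Constructed document root; nothing is actually read from disk in this example.
DOC_ROOT = PurePosixPath("/srv/app/docs")


class RejectedOutput(ValueError):
    """Raised when model output fails validation; callers log it and fall back."""


def parse_tool_call(raw: str) -> dict:
    """Accept only the documented tool-call shape; anything else is rejected."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise RejectedOutput(f"not JSON: {exc.msg}")
    if not isinstance(data, dict) or set(data) != {"tool", "args"}:
        raise RejectedOutput("expected exactly the keys 'tool' and 'args'")
    tool, args = data["tool"], data["args"]
    if tool not in TOOL_SCHEMAS:
        raise RejectedOutput(f"tool not allowlisted: {tool!r}")
    schema = TOOL_SCHEMAS[tool]
    if not isinstance(args, dict) or set(args) != set(schema):
        raise RejectedOutput(f"arguments for {tool} must be exactly {sorted(schema)}")
    for key, pattern in schema.items():
        value = args[key]
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise RejectedOutput(f"argument {key!r} failed validation")
    return {"tool": tool, "args": args}


def authorize(call: dict, user_permissions: set) -> dict:
    """Authorization is decided from the user's session, never from anything the
    model wrote: the model may claim any role it likes in its output."""
    needed = TOOL_PERMISSION[call["tool"]]
    if needed not in user_permissions:
        raise RejectedOutput(f"user lacks {needed}")
    return call


def resolve_doc_path(name: str) -> PurePosixPath:
    """Second line of defence for the hypothetical read_doc tool: confine the
    target to DOC_ROOT even if the argument regex is loosened later."""
    candidate = DOC_ROOT / name
    if candidate.parent != DOC_ROOT or ".." in candidate.parts:
        raise RejectedOutput("path escapes document root")
    return candidate


def render_answer(text: str) -> str:
    """Model text destined for a web page is escaped, never trusted as markup."""
    return html.escape(text, quote=True)


def gatekeep(raw_model_reply: str, user_permissions: set) -> dict:
    """Run a raw model reply through parsing and authorization; return a verdict
    the application can log instead of raising into request handling."""
    try:
        call = authorize(parse_tool_call(raw_model_reply), user_permissions)
        if call["tool"] == "read_doc":
            resolve_doc_path(call["args"]["name"])
        return {"ok": True, "call": call}
    except RejectedOutput as exc:
        return {"ok": False, "reason": str(exc)}


if __name__ == "__main__":
    # Constructed sample replies: one legitimate, the rest shapes a validator must refuse.
    samples = [
        '{"tool": "lookup_order", "args": {"order_id": "12345678"}}',
        '{"tool": "delete_all_orders", "args": {}}',
        '{"tool": "read_doc", "args": {"name": "../secrets.md"}}',
        "Sure, here is the order you asked for ...",
    ]
    for reply in samples:
        print(gatekeep(reply, {"orders:read"}))
    print(render_answer("<b>hello</b>"))
```

The design choice worth noting is that each layer is independent: the allowlist decides which functions exist, the schema decides which arguments are acceptable, the session decides whether this user may call the tool, and the path check confines the one tool that touches storage. A prompt injection that reaches the model can change what the model asks for, but it cannot change any of these decisions, because none of them reads its inputs from the model.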

Particular emphasis is placed on these aspects:

  • Early integration of security aspects when integrating LLMs
  • Identification and assessment of associated risks
  • Strategies for securing your systems, adapted to your requirements
  • Support in deciding on the most suitable protection strategy


mgm sp DeepDive

A penetration test can be carried out with varying degrees of prior knowledge, from a completely blind test to full disclosure of the system architecture. The choice between Blackbox, Greybox and Whitebox determines the depth, effort and significance of the test.
