OWASP Top Ten for LLM Apps Secure Development Training
A first step towards secure LLM applications
Overview
Introduction
The OWASP Top 10 for LLMs 2025 is a great place to start when learning about Large Language Model and Generative AI application security. OWASP is the Open Web Application Security Project and is a non-profit organisation that aims to educate individuals and organisations about application security. They organise events, sponsor projects and run local chapter meetings to promote awareness of both offensive and defensive application security techniques.
The OWASP Top 10 for LLMs is part of OWASP’s GenAI Security Project and identifies the ten most critical security risks, and their mitigations, for developing secure generative AI and large language model applications.
Our training
Our OWASP Top Ten for LLM Applications training is available online or live, trainer-led.
The workshop aims to provide developers with an understanding of these LLM-specific vulnerabilities: how they manifest themselves, how attackers exploit them and what the impact can be. Then, most importantly, we explain how to develop defensively to prevent these weaknesses. We explain what works and what doesn’t, and cover common issues we encounter during our penetration testing engagements.
Live
The live version is a half-day, in-person workshop which can be delivered on-site at your offices, or via Google Meet, Zoom, Teams, etc.
Benefits
Reduce LLM Security Vulnerabilities
Get your developers up to speed on common LLM application security issues and start to reduce the number of vulnerabilities in your AI-powered software.
Reduce Security Testing Costs
Remove common LLM security issues earlier in the Software Development Lifecycle and save time and money on costly fixes once the pentesters have reviewed your application.
Compliance
Our OWASP Top Ten for LLMs training helps you meet your compliance requirements and demonstrates due diligence in AI security practices.
Raise Awareness
Your development team is focused on functional delivery. By raising awareness of LLM-specific attack techniques through demonstration, your developers can factor this knowledge into AI application design decisions. Result == more secure LLM applications.
What To Expect
Overview
The workshop runs for half a day, approximately 4 hours, though it can be extended by incorporating more practical examples if desired. The live course can be delivered online via Google Meet or Zoom, on site at your preferred location internationally or in a hybrid manner with some delegates attending online and some in-person. This is very common now with the widespread change to working arrangements since the pandemic.
Workshop Outline
Our workshop walks attendees through the OWASP Top 10 for LLMs 2025. Each issue is introduced, practical examples are given using our application security labs to show the potential impact, then defensive approaches are discussed. The workshop covers the following LLM-specific risks:
- LLM01 – Prompt Injection
- LLM02 – Sensitive Information Disclosure
- LLM03 – Supply Chain
- LLM04 – Data and Model Poisoning
- LLM05 – Improper Output Handling
- LLM06 – Excessive Agency
- LLM07 – System Prompt Leakage
- LLM08 – Vector and Embedding Weaknesses
- LLM09 – Misinformation
- LLM10 – Unbounded Consumption
Requirements
There are only three requirements we have for delivering the workshop at your office:
- Projector with VGA or HDMI connector
- Power
- Internet access for our trainer
Next Steps
3 Warren Yard, Warren Park, Stratford Road, MILTON KEYNES MK12 5NW, England