Add your offcanvas content in here

The Company

Portfolio

Overview Application Security

Simplifying your IT-security journey.

Training

LLM Security Best Practices

01. Basics02. Our Services03. Your Benefit

Implement and operate LLM systems securely. Based on the OWASP LLM Top 10.

This training provides answers to the following questions

  • What threats does the use of Large Language Models entail?
  • Why are classic security paradigms not sufficient here?
  • Where do I start for a secure design and development of LLM applications?
  • What measures must I take for secure operation?

Headline 3

Text 3

LLM-based components offer virtually unlimited application possibilities due to their wide range of functionalities. However, their use also introduces new security risks, as sensitive data is often integrated for the contextualization of requests, processed by the LLM, and embedded in a wide variety of contexts.

One of the most important foundations for security in the development of LLM applications is awareness of potential threats. The training derives these for LLM applications from the principles of traditional IT security and current security guidelines for generative AI, such as the OWASP Top 10 for LLM Applications. This generic approach enables participants to be prepared not only for existing but also for future attack vectors.

The training enables participants to identify common threats when using LLM applications and assess their risks. Special emphasis is placed on the presentation and evaluation of effective protective measures.

Our compact training is designed as an introduction to the secure development of AI-supported applications. Based on our experience, we show how typical security gaps arise and can be exploited. We address real threats in the context of the respective company or industry. Finally, we bridge the gap to pragmatic solutions, modern approaches, and best practices for the secure development and integration of LLM applications.

Course content

Contents

Risks

OWASP Top 10 for Large Language Model Applications

  1. Prompt Injection

  2. Sensitive Information Disclosure

  3. Supply Chain

  4. Data and Model Poisoning

  5. Improper Output Handling

  6. Excessive Agency

  7. System Prompt Leakage

  8. Vector and Embedding Weaknesses

  9. Misinformation

  10. Unbounded Consumption

Measures

  • Prevent the outflow of sensitive information

  • Enforce Authentication & Authorization

  • Input Validation, Output Encoding

  • Best practices for integrating LLM components

 

Details

This training is aimed at companies and organizations. It is individually tailored to your requirements and the team's prior knowledge and can be carried out in-house or online. This training can be economical from as few as three participants.

Target Group

  • Decision-makers
  • Project managers
  • Architects
  • Software developers
  • Security officers

Duration & Format

  • The training is offered in two versions: for a less technically oriented group of participants with a duration of 3 hours and for technically oriented participants with a duration of 6 hours.
  • On-site or online training

Our trainers

Our promise: from practice, for practice & always up to date. That's why all our trainers are active experts with many years of experience in the subject area they teach.

Bastian Braun is a Senior Consultant IT Security at mgm security partners. He works on the development of secure web applications using agile processes, leads seminars for developers, project managers and penetration testers, performs product and security analyses, and advises clients on all aspects of web security.

He has been involved in web security for more than 15 years from an academic research perspective and as applied best practice. He particularly enjoys transferring academic research results into everyday industrial practice. He is a board member of the German OWASP Chapter and a regular speaker at relevant conferences.

Dr. Bastian Braun

Specialist for:
Cloud DevSecOps Lean Application Security Secure Software Development SSDLC Web Applications

Benjamin Kellermann is an information security consultant and penetration tester at mgm security partners in Dresden. Since 2004, he has been intensively involved in information security and conducted research on secure web applications at the Chair of Data Protection and Data Security with Prof. Andreas Pfitzmann. For several years he taught in the field of information security and is a speaker at numerous conferences. Through many security audits and penetration tests, Mr. Kellermann has the necessary expertise to address even technically very detailed questions.

Dr. Benjamin Kellermann

Specialist for:
Cloud DevSecOps Mobile Apps Network Infrastructure Penetration Testing SSDLC

Mirko Richter is an SSDLC consultant, SAST specialist, penetration tester and branch manager at mgm security partners in Dresden and has many years of experience as a developer, project manager and architect.
He has in-depth know-how and experience in hardening software solutions in the web-based area. In order to maintain this know-how, he is still actively involved in software projects alongside his consulting work and can therefore respond to relevant questions in great detail.

Mirko Richter

Specialist for:
LLM SAST Secure Software Development SSDLC

Björn Kirschner is an information security consultant and penetration tester at mgm security partners in Munich. Björn can look back on many penetration tests of a wide variety of technologies (web applications, mobile apps, network infrastructure, servers, ...). In addition to seminars, he conducts source code analyses and advises clients on many aspects of web application security, especially within the framework of a secure development process.

Björn Kirschner

Specialist for:
Cloud DevSecOps Mobile Apps Network Infrastructure Penetration Testing Server Secure Software Development Web Applications

Reinhard Böhme is an experienced IT security consultant and trainer with a broad technical background and practical expertise in penetration testing (Web, Mobile, Infrastructure, Host Audits, ASVS) and cloud security (Azure, AWS). He combines in-depth knowledge of modern cloud infrastructures and information security with practical experience, making complex security topics practical and interesting for his seminar participants.

Reinhard Böhme

Specialist for:
Cloud Mobile Apps Network Infrastructure Penetration Testing Web Applications

Your Benefit

Our training courses not only impart knowledge, they also change mindsets. Your developers will learn to identify security vulnerabilities early on and avoid them in a targeted manner. The result: more robust applications, more confidence - and a clear advantage in everyday project work.

All trainers are actively working Security Consultants. They contribute their experience with everyday problems, which often conflict with security requirements, and thus contribute to a pragmatic, realistic approach to security.

  • Practical methods instead of theory to avoid typical security gaps in web applications and mobile apps.
  • Content according to the latest standards by actively working, experienced Security Consultants.
  • Secure coding for long-term maintainability and quality of the source code.
  • Increased security awareness in the team prevents pitfalls at an early stage.
  • Protection against liability risks & damage to reputation.

Dr. Benjamin Kellermann

»I would be happy to advise you on the selection of the right training course for your team.«

E-mail