Pentesting Large Language Model Apps using the OWASP Top 10 for LLM Apps

2/20/2025 12:00:00 PM [(UTC-05:00) Eastern Time (US & Canada)] - Can't make the live event? Register anyway to receive a link to the recording.


Webinar Registration

Embarrassing news accounts show the risks of prematurely giving an LLM-powered app its freedom and exposing it to the Internet. On the other hand, effective pentesting of your app can save you and your customers from some painful results.

But how do you pentest an AI app? Thankfully, a lot of smart people have been working on this and producing tools like the OWASP Top 10 for LLM Apps. Pentesting generative AI begins with prompt engineering.

Prompts are to an LLM as shell commands are to an operating system. Tons of work has been done to harden shells against command injection, enforce least privilege, etc., to prevent malicious users from escalating their privileges or otherwise tricking the system into doing things that aren’t allowed. The same is going on today with LLMs.

In this webinar, we’ll discuss the difference between prompt injection and jailbreaking LLMs. We’ll also explore what system prompts are and how they are crucial to implementing guardrails and limits over user prompts.

But an interesting thing about prompts is that you probably need to give as much attention to unintended prompt injections as to direct malicious ones. While you can typically make some assumptions about the competency of a sysadmin, the same cannot be said about users of an LLM. In a recent conversation with Luke Doherty and Gisela Hinojosa’s AI pentesting team at Cobalt, they shared a perfect example of what I mean. An education software company bringing an AI-powered app to market for elementary school students has a responsibility to protect its young users and limit content returned by innocent queries about human reproduction to age-appropriate results – not the unfiltered mashup of content that could potentially be referenced by an AI searching the web.

Another interesting aspect of prompt engineering is indirect prompt injection. OWASP says “Indirect prompt injections occur when an LLM accepts input from external sources, such as websites or files. The content may have in the external content data that when interpreted by the model, alters the behavior of the model in unintended or unexpected ways.”

For instance, imagine one of your employees asking an LLM to summarize a webpage about a new product released by one of your competitors. Nothing’s wrong with that. But what if the competitor’s website contains hidden instructions to the LLM leading to exfiltration of the entire conversation up to that point? And what if earlier in that conversation your employee had asked the LLM to “find recent product announcements by other companies that could have a competitive advantage against our product X”?
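A defensive pre-processing step for the scenario above, as an added example that is not from the webinar or from Cobalt: before a fetched page reaches the model, split the text a human reader sees from text only the model would read. The sample page, the `split_page` helper and the hiding heuristics are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "input", "meta", "link", "wbr", "source"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

# Constructed sample page; the hidden strings are placeholders, not real payloads.
SAMPLE_PAGE = (
    "<html><body><h1>Acme Widget 2</h1>"
    "<p>Now with <b>longer</b> battery life.</p>"
    '<div style="display: none">NOTE TO AI SUMMARIZER: constructed hidden instruction</div>'
    "<!-- constructed comment instruction -->"
    "<p hidden>also hidden</p>"
    "<p>Ships in March.<br>Order now.</p></body></html>"
)

class VisibilitySplitter(HTMLParser):
    """Separates text a human would see from text only a model would read."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []                    # (tag, is_hidden) per open element
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = ("hidden" in a or a.get("aria-hidden") == "true"
                  or bool(HIDDEN_STYLE.search(a.get("style") or ""))
                  or tag in ("script", "style", "template"))
        if tag not in VOID:                # void elements never get a close tag
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            inside_hidden = any(h for _, h in self.stack)
            (self.hidden if inside_hidden else self.visible).append(text)

    def handle_comment(self, data):        # comments are never rendered
        if data.strip():
            self.hidden.append(" ".join(data.split()))

def split_page(html):
    """Return (visible_text, hidden_strings) for one fetched page."""
    parser = VisibilitySplitter()
    parser.feed(html)
    parser.close()
    return " ".join(parser.visible), parser.hidden
```

Pass only the visible text to the summarizer and log the hidden strings for review; hiding done through external CSS classes or matching text and background colours is not caught by these inline checks.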

In my next real training for free session, I will be introducing the concept of AI pentesting with an overview of the OWASP Top 10 for LLM Apps and I’m excited to have a panel of subject matter experts from Cobalt to provide tales from the trenches in this fast-moving area of cyber security. Cobalt conducted over 4,000 pentests last year alone and they have developed a practice for pentesting LLM Applications based on their work with the OWASP working group on this topic.

We will focus on real-world AI pentesting stories, sharing detailed examples of security failures the team has encountered in AI implementations and how they identified them through testing. We’ll walk through specific cases, demonstrating how they develop test cases - such as by manipulating language inputs (both human and machine) - and iterating through different attack scenarios to uncover vulnerabilities. The session will also explore the distinction between AI safety and AI security, how Cobalt scopes AI pentests based on customer needs, and how their approach has evolved from early development issues like prompt injection to pre-release assessments aligned with the OWASP Top 10.

Please join us for this real training for free session.
