Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
AI Security: Defend LLM Apps Against the OWASP LLM Top 10
New
2 students

AI Security: Defend LLM Apps Against the OWASP LLM Top 10

Break and secure LLM apps with hands-on labs covering the OWASP Top 10 for LLM Applications (2025).
Created byNEXUS ACADEMY
Last updated 6/2026
English

What you'll learn

  • Explain why LLM and GenAI apps break differently than traditional web apps, and threat-model them like an attacker.
  • Exploit and defend against prompt injection (LLM01) and improper output handling (LLM05) in a safe, sandboxed lab.
  • Prevent sensitive information disclosure (LLM02) and system prompt leakage (LLM07) with data minimization and secrets hygiene.
  • Harden the AI supply chain, RAG pipelines, and vector stores against poisoning and embedding attacks (LLM03, LLM04, LLM08).
  • Contain excessive agency (LLM06) and unbounded consumption (LLM10), and run a defense-in-depth program with guardrails and monitoring.

Course content

6 sections29 lectures3h 13m total length
  • Course Documents and How to Use Them8:27
  • Welcome: Who This Course Is For4:10
  • Why LLM Apps Break Differently Than Web Apps6:04
  • The OWASP LLM Top 10 (2025): What's New and What Moved6:12
  • Setting Up Your Hands-On Attack Lab6:55
  • Thinking Like an Attacker: LLM Threat Modeling5:56

Requirements

  • Working knowledge of web application security, APIs, and the ability to read code (Python or JavaScript).
  • A computer that can run a local, sandboxed lab (Docker or a Python virtual environment). No prior AI/ML experience required.

Description

“This course contains the use of artificial intelligence.”

Large language models have moved from demos to production, and attackers have noticed. LLM-powered features introduce a new class of vulnerabilities that traditional web application security testing simply misses, and this hands-on course teaches you to find and fix them.


Built around the OWASP Top 10 for LLM Applications (2025 edition), the course pairs an offensive demo with a defensive lab for every major risk. You will learn why LLM apps break differently than classic web apps, stand up a safe, sandboxed vulnerable application, and threat-model GenAI systems like an attacker.


From there you will work through the full Top 10: Prompt Injection (LLM01), Sensitive Information Disclosure (LLM02), Supply Chain (LLM03), Data and Model Poisoning (LLM04), Improper Output Handling (LLM05), Excessive Agency (LLM06), System Prompt Leakage (LLM07), Vector and Embedding Weaknesses (LLM08), Misinformation (LLM09), and Unbounded Consumption (LLM10). You will exploit an over-privileged agent, poison a RAG knowledge base, steal a system prompt, and turn unsafe model output into XSS and command injection, then shut each attack down with input filtering, output encoding, least privilege, data minimization, and RAG hardening.


The course closes with a defense-in-depth program: guardrails, continuous LLM red teaming, monitoring, logging, and incident response. Every lab is reproducible, ethical, and vendor-neutral, drawing on OWASP, MITRE ATLAS, and the NIST AI Risk Management Framework. By the end you will have a practical LLM security checklist you can apply to your own applications immediately.


This course is for AppSec and security engineers, developers, and architects who are comfortable with web security and APIs and want to add LLM threats to their toolkit. No prior machine learning experience is required.

Who this course is for:

  • AppSec and security engineers adding LLM and GenAI threats to an existing application-security practice.
  • Developers and architects building LLM-powered features who need to ship them securely.