Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
OWASP Top 10 for LLMs: Complete Hands-On Labs
New

OWASP Top 10 for LLMs: Complete Hands-On Labs

Attack and defend a real LLM chat + RAG app against the OWASP Top 10 for LLMs - hands-on, locally, with free Ollama.
Last updated 6/2026
English

What you'll learn

  • Recognize all 10 OWASP Top 10 for LLM Applications (2025) categories in real chat and RAG systems.
  • Exploit and then defend a working local LLM app - run each attack in vulnerable mode, then watch the defenses block it.
  • Configure seven composable defenses: prompt filter, input validator, output sanitizer, rate limiter, context isolator, tool guard, RAG validator.
  • Write a threat model and defense-in-depth plan for any new LLM-powered product or feature.

Course content

12 sections68 lectures6h 21m total length
  • Welcome and What You'll Build8:31
  • OWASP Top Ten for LLMs at a Glance8:06
  • Setting Up Ollama and the Lab Platform7:38
  • Demo: Setting Up Ollama and the Lab Platform3:27
  • A Tour of the Security Console6:40
  • Installing the Lab on Windows, macOS, and Linux6:18
  • Install Walkthrough: Run the Commands3:18
  • DEMO: A Tour Of The Security Console5:01
  • Stand Up the Lab Platform Locally

Requirements

  • Comfort with the command line and basic JavaScript/TypeScript - you will read and edit small code modules.
  • A laptop with 8 GB+ RAM that can run a local model with Ollama (free) - no cloud account or API key required.
  • Familiarity with web apps and basic LLM/chatbot concepts is helpful but not required.

Description

This course contains the use artificial intelligence.

Large language models broke a core assumption of application security: there is no clean separation between data and instructions. This course teaches the OWASP Top 10 for LLM Applications (2025) the only way that really sticks - by exploiting each weakness in a working app, then defending against it.


You will run a local, open-source lab: a Next.js chat assistant wired to a Retrieval-Augmented Generation pipeline, powered entirely by Ollama on your own machine. No cloud account, no API key, nothing to pay for. Every scenario is run twice - once in vulnerable mode where the attack succeeds, and once in defended mode where a chain of real defenses stops it. You see the same prompt leak data in one mode and get refused in the other, then read the defense source code that made the difference.


Across twelve sections you will cover all ten categories: prompt injection, sensitive information disclosure, supply chain, data and model poisoning, improper output handling, excessive agency, system prompt leakage, vector and embedding weaknesses, misinformation and overreliance, and unbounded consumption (denial of wallet). You will configure and inspect seven composable defenses - prompt filter, input validator, output sanitizer, rate limiter, context isolator, tool guard, and RAG validator - and learn exactly which attacks each one stops and why heuristics alone are never enough.


The course follows a single fictional company, NovaBridge, through a continuous incident-driven story, so the threats land in a realistic enterprise context. Each section ends with a hands-on assignment, and the course closes with a capstone where you threat-model and harden a brand-new product across all ten categories.


By the end you will be able to recognize every OWASP LLM risk in real systems and write a defense-in-depth plan for any LLM-powered product you build.

Who this course is for:

  • Security engineers and application security leads securing LLM-powered features.
  • AI/ML engineers who want to harden chat and RAG systems against real attacks.
  • SOC analysts and red/blue teamers adding LLM threats to their playbook.