PHWSODownload
Established
STAR-CCM+ Expert Applications, Vol 2, Turbomachinery
Published 6/2026
Created by Dr. Amar Massoud
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz, 2 Ch
Level: All Levels | Genre: eLearning | Language: English | Duration: 67 Lectures ( 6h 21m ) | Size: 2 GB
Attack and defend a real LLM chat + RAG app against the OWASP Top 10 for LLMs - hands-on, locally, with free Ollama.
What you'll learn
Recognize all 10 OWASP Top 10 for LLM Applications (2025) categories in real chat and RAG systems. Exploit and then defend a working local LLM app - run each attack in vulnerable mode, then watch the defenses block it. Configure seven composable defenses: prompt filter, input validator, output sanitizer, rate limiter, context isolator, tool guard, RAG validator. Write a threat model and defense-in-depth plan for any new LLM-powered product or feature.Requirements
Comfort with the command line and basic JavaScript/TypeScript - you will read and edit small code modules. A laptop with 8 GB+ RAM that can run a local model with Ollama (free) - no cloud account or API key required. Familiarity with web apps and basic LLM/chatbot concepts is helpful but not required.Description
This course contains the use artificial intelligence.
Large language models broke a core assumption of application security: there is no clean separation between data and instructions. This course teaches the OWASP Top 10 for LLM Applications (2025) the only way that really sticks - by exploiting each weakness in a working app, then defending against it.
You will run a local, open-source lab: a Next.js chat assistant wired to a Retrieval-Augmented Generation pipeline, powered entirely by Ollama on your own machine. No cloud account, no API key, nothing to pay for. Every scenario is run twice - once in vulnerable mode where the attack succeeds, and once in defended mode where a chain of real defenses stops it. You see the same prompt leak data in one mode and get refused in the other, then read the defense source code that made the difference.
Across twelve sections you will cover all ten categories: prompt injection, sensitive information disclosure, supply chain, data and model poisoning, improper output handling, excessive agency, system prompt leakage, vector and embedding weaknesses, misinformation and overreliance, and unbounded consumption (denial of wallet). You will configure and inspect seven composable defenses - prompt filter, input validator, output sanitizer, rate limiter, context isolator, tool guard, and RAG validator - and learn exactly which attacks each one stops and why heuristics alone are never enough.
The course follows a single fictional company, NovaBridge, through a continuous incident-driven story, so the threats land in a realistic enterprise context. Each section ends with a hands-on assignment, and the course closes with a capstone where you threat-model and harden a brand-new product across all ten categories.
By the end you will be able to recognize every OWASP LLM risk in real systems and write a defense-in-depth plan for any LLM-powered product you build.
Who this course is for
Security engineers and application security leads securing LLM-powered features. AI/ML engineers who want to harden chat and RAG systems against real attacks. SOC analysts and red/blue teamers adding LLM threats to their playbook.Homepage
Code:
https://www.udemy.com/course/owasp-top-10-for-llms-complete-hands-on-labsDOWNLOAD LINKS