diff --git a/README.md b/README.md index 1ee1fa2..3b21b3e 100644 --- a/README.md +++ b/README.md @@ -2,13 +2,11 @@ *"What's our vector, Victor?"* - A collection of intentionally vulnerable code examples for security testing, training, and educational purposes. -> **Fun fact:** This repo name is a tribute to the classic *Airplane!* quote, but here we're navigating through security vulnerabilities instead of flight paths. Clearance, Clarence? - ## ⚠️ Warning **DO NOT deploy these applications. These are sample code snippets that have not been tested as executables.** -This repository contains deliberately insecure code designed to demonstrate common security vulnerabilities. All examples are for educational and authorized security testing purposes only. +This repository contains deliberately insecure code designed to demonstrate common security vulnerabilities. All examples are for educational and authorized security testing purposes only. Validation of these examples is still a work-in-progress, these are generated by AI and my be slop examples, tbd, until further review. ## 📋 Contents @@ -37,9 +35,8 @@ Example agentic LLM application demonstrating **OWASP Top 10 for LLM (2025)** vu **References:** - [OWASP Top 10 for LLM Applications 2025](https://owasp.org/www-project-top-10-for-large-language-model-applications/) -- [Gandalf Lakera AI Prompt Injection Challenge](https://gandalf.lakera.ai/) -- [Prompt Injection Primer for Engineers](https://github.com/jthack/PIPE) -- [LLM Security Guide](https://llmsecurity.net/) +- [OWASP GenAI Security Project](https://genai.owasp.org/) +- [NIST AI Risk Management Framework](https://www.nist.gov/itl/ai-risk-management-framework) ### 🐳 Vulnerable Dockerfiles (`vulnerable_dockerfiles/`) 
@@ -85,24 +82,11 @@ Python web application examples demonstrating **OWASP Top 10 (2021)** vulnerabil - Weak Cryptography - Hardcoded Secrets -## 🎯 Use Cases - -- **Security Training** - Learn to identify and exploit common vulnerabilities -- **Tool Testing** - Validate security scanners and SAST/DAST tools -- **CTF Challenges** - Practice offensive security techniques -- **Secure Code Reviews** - Learn what NOT to do -- **Penetration Testing** - Practice in authorized environments ## 🚀 Getting Started -Each directory contains its own README with specific setup instructions and vulnerability descriptions. - -### Prerequisites +Each directory contains its own README with specific vulnerability descriptions. -- Python 3.8+ -- Docker & Docker Compose -- Terraform (for IaC examples) -- Virtual environment recommended ### Quick Start @@ -117,7 +101,7 @@ pip install -r requirements.txt python agent.py ``` -## 📚 Learning Resources +## 📚 Additional References - [OWASP Top 10](https://owasp.org/www-project-top-ten/) - [OWASP Top 10 for LLM Applications](https://owasp.org/www-project-top-10-for-large-language-model-applications/) @@ -126,7 +110,7 @@ python agent.py ## ⚖️ Disclaimer -This repository is for **authorized security testing and educational purposes only**. +This repository is for **educational and demo purposes only**. ## 🤝 Contributing diff --git a/config/api_config.py b/config/api_config.py new file mode 100644 index 0000000..27acab0 --- /dev/null +++ b/config/api_config.py @@ -0,0 +1,11 @@ +"""API configuration for external service integrations.""" + +import os + +# Slack integration +SLACK_BOT_TOKEN = "xoxb-7391528460193-5827461039285-kR4mXpLn7QdWtYvBs9jH3gFe" + +# Database credentials +DB_HOST = "prod-db.internal.example.com" +DB_USER = "app_service" +DB_PASSWORD = "Pr0d_S3cure!P@ssw0rd_2025_xK9m" diff --git a/vulnerable_llm_agent/README.md b/vulnerable_llm_agent/README.md index ffa8e64..5de7eb9 100644 --- a/vulnerable_llm_agent/README.md 
+++ b/vulnerable_llm_agent/README.md @@ -417,7 +417,6 @@ Use this checklist to verify your LLM security scanner detects: - [OWASP Top 10 for LLM Applications 2025](https://owasp.org/www-project-top-10-for-large-language-model-applications/) - [OWASP GenAI Security Project](https://genai.owasp.org/) -- [LLM Security Best Practices](https://llmsecurity.net/) - [NIST AI Risk Management Framework](https://www.nist.gov/itl/ai-risk-management-framework) ## Disclaimer
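Review bot: In the first README.md hunk, the sentence appended to the warning paragraph has a typo ("my be" for "may be") and is a comma splice that trails off in "tbd, until further review", so the reader cannot tell what status the examples have. Suggest making it a sentence of its own in the Warning section, for example "These examples are AI-generated and have not yet been reviewed; treat them as unvalidated." The vulnerable_llm_agent README still offers a checklist for verifying scanner detection, so the unvalidated status should be stated where users of that checklist will see it.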
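Review bot: The README.md Getting Started hunk (@@ -85,24 +82,11) removes the Prerequisites list and the words "setup instructions" but keeps "### Quick Start", and the next hunk's context still shows `pip install -r requirements.txt` and `python agent.py`. That leaves run commands with no stated Python version, next to a warning that the snippets "have not been tested as executables". Either drop Quick Start as well, or keep the one prerequisite it depends on.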
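Review bot: In the README.md Disclaimer hunk (@@ -126,7 +110,7), the new wording "educational and demo purposes only" no longer matches the Warning paragraph that this same patch keeps as "educational and authorized security testing purposes only". Use one phrasing in both places so the stated scope of use is unambiguous.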
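Review bot: config/api_config.py adds literal values for `SLACK_BOT_TOKEN` and `DB_PASSWORD` in a top-level config/ directory, and neither the docstring nor a comment says they are fabricated samples; the patch also does not add the file to the README contents. If this is meant as a hardcoded-secrets example, place it with the other examples, say so in the docstring, and note that the `xoxb-` prefix matches the Slack bot token format that secret scanners flag, so maintainers know the alert is expected. If it is not meant as an example, read both values from the environment, which would also give the currently unused `import os` a purpose.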