From e5a9f6f8ed9ae0c03d0991fc89bc5e1572fa8f03 Mon Sep 17 00:00:00 2001 From: Brian Levine <50513825+levinebw@users.noreply.github.com> Date: Mon, 17 Nov 2025 23:24:14 -0500 Subject: [PATCH 1/4] Update README to remove LLM Security reference Removed reference to 'LLM Security Best Practices' from README. --- vulnerable_llm_agent/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/vulnerable_llm_agent/README.md b/vulnerable_llm_agent/README.md index ffa8e64..5de7eb9 100644 --- a/vulnerable_llm_agent/README.md +++ b/vulnerable_llm_agent/README.md @@ -417,7 +417,6 @@ Use this checklist to verify your LLM security scanner detects: - [OWASP Top 10 for LLM Applications 2025](https://owasp.org/www-project-top-10-for-large-language-model-applications/) - [OWASP GenAI Security Project](https://genai.owasp.org/) -- [LLM Security Best Practices](https://llmsecurity.net/) - [NIST AI Risk Management Framework](https://www.nist.gov/itl/ai-risk-management-framework) ## Disclaimer From 67c23df7381064c0c304b074ba5d9f65514ef017 Mon Sep 17 00:00:00 2001 From: Brian Levine <50513825+levinebw@users.noreply.github.com> Date: Mon, 17 Nov 2025 23:27:22 -0500 Subject: [PATCH 2/4] Revise README for clarity and additional references Updated README to clarify the purpose of the repository and added references for security resources. --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ffe19e7..3466cb8 100644 --- a/README.md +++ b/README.md 
@@ -8,7 +8,7 @@ **DO NOT deploy these applications. These are sample code snippets that have not been tested as executables.** -This repository contains deliberately insecure code designed to demonstrate common security vulnerabilities. All examples are for educational and authorized security testing purposes only. +This repository contains deliberately insecure code designed to demonstrate common security vulnerabilities. All examples are for educational and authorized security testing purposes only. Validation of these examples is still a work-in-progress, these are generated by AI and my be slop examples, tbd, until further review. ## 📋 Contents @@ -37,9 +37,8 @@ Example agentic LLM application demonstrating **OWASP Top 10 for LLM (2025)** vu **References:** - [OWASP Top 10 for LLM Applications 2025](https://owasp.org/www-project-top-10-for-large-language-model-applications/) -- [Gandalf Lakera AI Prompt Injection Challenge](https://gandalf.lakera.ai/) -- [Prompt Injection Primer for Engineers](https://github.com/jthack/PIPE) -- [LLM Security Guide](https://llmsecurity.net/) +- [OWASP GenAI Security Project](https://genai.owasp.org/) +- [NIST AI Risk Management Framework](https://www.nist.gov/itl/ai-risk-management-framework) ### 🐳 Vulnerable Dockerfiles (`vulnerable_dockerfiles/`) From d986e8422da93ea15a71234060f12536dae172ea Mon Sep 17 00:00:00 2001 From: Brian Levine <50513825+levinebw@users.noreply.github.com> Date: Mon, 17 Nov 2025 23:30:35 -0500 Subject: [PATCH 3/4] Revise README for clarity and conciseness Removed fun fact and use cases sections, updated disclaimer. --- README.md | 21 +++------------------ 1 file changed, 3 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 3466cb8..e98859b 100644 --- a/README.md +++ b/README.md 
@@ -2,8 +2,6 @@ *"What's our vector, Victor?"* - A collection of intentionally vulnerable code examples for security testing, training, and educational purposes. -> **Fun fact:** This repo name is a tribute to the classic *Airplane!* quote, but here we're navigating through security vulnerabilities instead of flight paths. Clearance, Clarence? - ## ⚠️ Warning **DO NOT deploy these applications. These are sample code snippets that have not been tested as executables.** @@ -77,24 +75,11 @@ Python web application examples demonstrating **OWASP Top 10 (2021)** vulnerabil - Weak Cryptography - Hardcoded Secrets -## 🎯 Use Cases - -- **Security Training** - Learn to identify and exploit common vulnerabilities -- **Tool Testing** - Validate security scanners and SAST/DAST tools -- **CTF Challenges** - Practice offensive security techniques -- **Secure Code Reviews** - Learn what NOT to do -- **Penetration Testing** - Practice in authorized environments ## 🚀 Getting Started -Each directory contains its own README with specific setup instructions and vulnerability descriptions. - -### Prerequisites +Each directory contains its own README with specific vulnerability descriptions. -- Python 3.8+ -- Docker & Docker Compose -- Terraform (for IaC examples) -- Virtual environment recommended ### Quick Start @@ -109,7 +94,7 @@ pip install -r requirements.txt python agent.py ``` -## 📚 Learning Resources +## 📚 Additional References - [OWASP Top 10](https://owasp.org/www-project-top-ten/) - [OWASP Top 10 for LLM Applications](https://owasp.org/www-project-top-10-for-large-language-model-applications/) @@ -118,7 +103,7 @@ python agent.py ## ⚖️ Disclaimer -This repository is for **authorized security testing and educational purposes only**. +This repository is for **educational and demo purposes only**. ## 🤝 Contributing From 5532b1e7233660d20589610904c2252ba2e70c49 Mon Sep 17 00:00:00 2001 
From: Brian Levine Date: Tue, 17 Feb 2026 23:08:50 -0500 Subject: [PATCH 4/4] Add API configuration for service integrations --- config/api_config.py | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 config/api_config.py diff --git a/config/api_config.py b/config/api_config.py new file mode 100644 index 0000000..27acab0 --- /dev/null +++ b/config/api_config.py @@ -0,0 +1,11 @@ +"""API configuration for external service integrations.""" + +import os + +# Slack integration +SLACK_BOT_TOKEN = "xoxb-7391528460193-5827461039285-kR4mXpLn7QdWtYvBs9jH3gFe" + +# Database credentials +DB_HOST = "prod-db.internal.example.com" +DB_USER = "app_service" +DB_PASSWORD = "Pr0d_S3cure!P@ssw0rd_2025_xK9m"
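Review bot: In [PATCH 2/4], README.md hunk `@@ -8,7 +8,7 @@`, the sentence appended to the warning paragraph has a typo ("my be" for "may be") and a comma splice, and "slop examples, tbd" does not tell a reader which examples can be trusted. Suggest splitting it into two sentences, for example: "Validation of these examples is still in progress. They were generated by AI and have not yet been reviewed for accuracy."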
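Review bot: In [PATCH 2/4], README.md hunk `@@ -37,9 +37,8 @@`, the commit message says references were added, but the hunk also drops the Gandalf and PIPE links, which were the only prompt-injection-specific references in this list. [PATCH 1/4] only explains removing the llmsecurity.net link. Either keep those two entries or say in the commit message why they are being removed.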
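Review bot: In [PATCH 3/4], README.md hunk `@@ -77,24 +75,11 @@`, the Prerequisites list and the mention of "setup instructions" are removed, but the Quick Start section that follows is kept and still tells the reader to run `pip install -r requirements.txt` and `python agent.py`. That also sits awkwardly next to the warning that these snippets "have not been tested as executables". Either drop Quick Start as well, or keep at least the Python version and virtual environment lines so the remaining commands have their prerequisites stated.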
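Review bot: In [PATCH 3/4], README.md hunk `@@ -118,7 +103,7 @@`, the disclaimer now reads "educational and demo purposes only", while the Warning paragraph touched in [PATCH 2/4] still says the examples are for "educational and authorized security testing purposes only". The two statements of intended use should match. Pick one wording and apply it in both places.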
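Review bot: In [PATCH 4/4], the new config/api_config.py assigns `SLACK_BOT_TOKEN` and `DB_PASSWORD` as string literals, and nothing in the file or the commit message marks them as deliberate test fixtures. Unlike the other samples, the file lives in a top-level config/ directory rather than under one of the vulnerable_* example directories, so a reader or a secret scanner has no way to tell an intentional hardcoded-secrets example from a real leak. If this is meant as a fixture, move it under an example directory and add a comment stating that the values are fabricated. If it is real configuration, read the values from the environment (`import os` is already there but unused), and treat the token and password as exposed: revoke and rotate them, since they remain in the commit history.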