Detailed Test Cases for the OWASP Top 10 Risks in LLM Applications
In preparation for our GenAI (LLM) Red Team service, we organized a comprehensive set of detailed evaluation test cases aligned with the OWASP Top 10 for LLMs.
Summary Table of NLP Models (HF-based) – Video Type Models
Name Full Name Architecture Base Model Developed Training Dataset Lib. & Framework Use Cases HF URL Githhub URL TimeSformer TimeSformer (Time-Space Transformer) Transformer Vision Transformer (ViT) 2021 Evaluated on datasets like Kinetics-400 and Kinetics-600 PyTorch Video classification and action recognition tasks https://github.com/facebookresearch/TimeSformer VideoMAE Video Masked Autoencoders Masked autoencoder Vision Transformer (ViT) 2022 Pre-trained on large-scale
Summary Table of NLP Models (HF-based) – Audio Type Models
Name Full Name Architecture Base Model Developed Training Dataset Lib. & Framework Use Cases HF URL Githhub URL Audio Spectrogram Transformer Audio Spectrogram Transformer Transformer ViT 2021 AudioSet PyTorch, Hugging Face Transformers Audio classification, sound event detection https://huggingface.co/docs/transformers/model_doc/audio-spectrogram-transformer https://github.com/YuanGongND/ast Bark Bark GPT-like, Transformer GPT-2 2023 Proprietary dataset PyTorch, Hugging Face Transformers Text-to-speech, voice synthesis https://huggingface.co/docs/transformers/model_doc/bark
Summary Table of NLP Models (HF-based) – Vision-Type Models
Name Full Name Architecture Base Model Developed Training Dataset Lib. & Framework Use Cases HF URL Githhub URL BEiT Bidirectional Encoder representation from Image Transformers Vision Transformer ViT 2021 ImageNet-21k, ImageNet-1k PyTorch, Hugging Face Transformers Image classification, semantic segmentation https://huggingface.co/microsoft/beit-base-patch16-224 https://github.com/microsoft/unilm/tree/master/beit BiT Big Transfer ResNet ResNet 2019 JFT-300M, ImageNet-21k TensorFlow, Hugging Face Transformers Image classification, transfer learning
Summary Table of NLP Models (HF-based) – Text-Type Models
Name Full Name Architecture Base Model Developed Training Dataset Lib. & Framework Use Cases HF URL Githhub URL ALBERT A Lite BERT Transformer-based sequence-to-sequence BERT 2019 BookCorpus, English Wikipedia TensorFlow, PyTorch Natural Language Understanding https://huggingface.co/albert-base-v2 https://github.com/google-research/albert Bamba Bamba Transformer GPT-2 2023 Bambara language corpus PyTorch Bambara language generation https://huggingface.co/masakhane/bamba https://github.com/masakhane-io/bamba BART Bidirectional and Auto-Regressive Transformers
Wapiti
Wapiti allows you to audit the security of your web applications.It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.Once it gets this list, Wapiti acts like a fuzzer, injecting payloads
Essential Wireshark Tips for Effective Vulnerability Assessment
Changing Packet Time Display Settings (Menu: View > Time Display Format) Viewing Packet Flow (Menu: Statistics > Flow Graph) Viewing Packet Transmissions Between Specific Hosts (Menu: Statistics > Conversations) Viewing Packet Flow (Menu: Statistics > Endpoints) Searching for Packets Containing Specific Strings (Menu: Edit > Find Packet, Ctrl+F)
Useful tools to use alongside dedicated solutions when performing application source code vulnerability assessments
Most application source code vulnerability assessments involve reviewing a large volume of source files.In general, this work is performed through a combination of static analysis using dedicated tools such as Fortify and manual dynamic analysis conducted by experienced security consultants.Given the substantial amount of source code that must be manually reviewed during this process, it
Netcat Usage Examples
* Telnet Connection * Server-to-Server Chat * Connect via IPv6 (-6: IPv6, -4: IPv4) * copying a file * Hard Drives & partition Clone * port scanning * Send the “quit” command across the port range to check for responses (version information). * Simple web-page (somepage.html) service
PHP Security Audit
php_aduit_script.php <?php /** * PHP Security Check Script * http://php-security-audit.com/ * * This security check script will evaluate the PHP runtime environment * for your configuration to determine whether any improvements could be * made to your configuration. * * * * * * * * * * Revision History * * 2009-05-08 –