-
I really like the MLSecOps document shared by Ericsson: https://www.ericsson.com/en/reports-and-papers/white-papers/mlsecops-protecting-the-ai-ml-lifecycle-in-telecom
1. I would like to show where …
-
## What is missing or needs to be updated?
- No mention of [OWASP Top 10 Privacy Risks & Countermeasures 2.0](https://owasp.org/www-project-top-10-privacy-risks/OWASP_Top_10_Privacy_Risks_Count…
-
These are missing activities that are also within the security-by-design topic.
We can use our training for some examples.
-
While translating the LLM Top 10 into German, @johannhartmann and I noticed that there are a few links embedded within the text (not just the references).
For example, LLM05 links to [A06:2021 - Vu…
-
In this page:
https://github.com/OWASP/Top10/blob/master/2021/docs/A00-about-owasp.md
The 'Google Groups' text links to:
https://github.com/OWASP/Top10/blob/master/2021/docs/TBA
which lands on a 4…
-
- Site: [https://owasp.org](https://owasp.org)
**New Alerts**
- **Hash Disclosure - Mac OSX salted SHA-1** [10097] total: 11:
- [https://owasp.org/API-Security/editions/2019/ar/dist/owasp-ap…
-
With the realization that the top 10 focuses on the risks that vulnerabilities, I recommend changing our template and the content of the Top 10 to match.
The TL;DR
Go to the [OWASP Top 10](http…
-
adds test from https://github.com/OWASP/www-project-top-10-for-large-language-model-applications/pull/292
-
Penetration testing on a pygeoapi instance would be a valuable testing mechanism in a DevSecOps context.
[Zed Attack Proxy (ZAP)](https://www.zaproxy.org) could be a viable option, given it provide…
-
**Analysis**
The containers actually created and used are used only for potential development. As such the risk is very limited.
**Description**
The Docker container requests the `NET_RAW` ca…