OWASP 2024 Global AppSec San Francisco

Whatever your need as a hacker post-compromise, Microsoft Copilot has got you covered. Covertly search for sensitive data and parse it nicely for your use. Exfiltrate it out without generating logs. Most frightening, Microsoft Copilot will help you phish to move lately. Heck, it will even social engineer victims for you!




This talk is a comprehensive analysis of Microsoft copilot taken to red-team-level practicality. We will show how Copilot plugins can be used to install a backdoor into other user’s copilot interactions, allowing for data theft as a starter and AI-based social engineering as the main course. We’ll show how hackers can circumvent built-in security controls which focus on files and data by using AI against them.




Next, we will drop LOLCopilot, a red-teaming tool for abusing Microsoft Copilot as an ethical hacker to do all of the above. The tool works with default configuration in any M365 copilot-enabled tenant.




Finally, we will recommend detection and hardening your can put in place to protect against malicious insiders and threat actors with Copilot access.

In the fast-evolving world of cybersecurity, managing an application security (AppSec) program can feel like running a marathon—a test of endurance, strategy, and continuous improvement. This presentation draws insightful parallels between marathon running and effective AppSec management, demonstrating how the principles of disciplined training, strategic pacing, and incremental progress can lead to long-term success.


Over the past five years, the speaker has completed seven marathons and has qualified for the prestigious Boston Marathon next year. With more than a decade of experience in building application security programs for various companies, they bring a unique perspective to bridging the gap between these two demanding fields.


Mindset and goal setting are critical for success in both marathon running and AppSec programs. We will explore the essential tools and techniques that both marathon runners and AppSec professionals need to optimize performance and achieve their goals. For instance, choosing the right footwear—whether it's the Nike ZoomX Vaporfly or the Adidas Ultraboost—and leveraging SAST, DAST, and SIEM systems can significantly impact outcomes.


Moreover, the session will delve into targeted training methodologies such as interval training and long runs, translated into AppSec practices like threat modeling and regular security audits. Attendees will learn the importance of continuous monitoring and feedback mechanisms—whether it's through wearables and performance metrics or automated testing and security dashboards.


Adaptation and evolution are crucial in both fields. Just as runners adjust to varying conditions and integrate innovative techniques, AppSec programs must adapt to emerging threats and incorporate state-of-the-art technologies. We'll share real-world examples showcasing how these adaptations can lead to improved security postures.


We will also cover some commonly seen pitfalls for both marathon runners and those managing application security programs. Understanding these pitfalls can help avoid setbacks and ensure a smoother path to success.


Collaboration and knowledge sharing form the backbone of success in both marathon running and application security. This presentation will highlight the role of running communities, expert consultations, and workshops in fostering growth and resilience. Similarly, it will emphasize the importance of cross-team collaboration, industry engagement, and internal training sessions in cultivating a robust AppSec culture.


Key Takeaways:

1. Believe in Yourself: Anyone can run a marathon and anyone can run an application security program with the right mindset.
2. Realistic Goals and Concrete Plans: Setting realistic goals and concrete plans is essential for both your marathon and your application security program.
3. Enjoy the Process and Have Fun: Enjoying the process and having fun can make the journey more rewarding.

Join us to discover how to navigate your journey from the start line to the security finish, ensuring that your application security program is not only resilient but also continuously evolving, much like a marathon runner training for the ultimate race.

The potential benefits are substantial as organizations increasingly adopt AI-driven code-generation tools to enhance productivity and streamline development workflows. Code generation offers transformative advantages, from accelerating development cycles to minimizing manual errors.

However, this technological advancement introduces a range of risks that, if not adequately understood and managed, could pose significant challenges. Key risks include security vulnerabilities, code quality issues, potential copyright infringement, data breaches, and the possibility of reverse engineering models. Additional concerns involve bias introduction, poisoning attacks, inefficient code generation, hallucinated dependencies, and an over-reliance on AI tools, potentially leading to increased technical debt over time. A comprehensive understanding and effective mitigation of these risks are essential to fully realizing the potential of code generation technologies.

A robust risk mitigation strategy is critical. Organizations must prioritize comprehensive code reviews, continuous monitoring of tools, and the implementation of rigorous testing frameworks. Establishing clear guidelines, adopting stringent security measures, and managing controlled rollouts are vital to minimizing vulnerabilities. Additionally, safeguards around data management, intellectual property protection, and sustainable code practices will ensure code generation tools’ long-term efficacy and security.

This talk will detail these risks, offering actionable insights and strategies for leveraging AI-driven code generation while mitigating associated risks. This will allow organizations to harness this technology’s full potential safely and effectively.

Through a metaphorical journey into the 'Container Escape Room,' we will navigate through real-world scenarios and dissect the mechanisms behind container escapes. From privilege escalation exploits to vulnerabilities within container runtimes, we'll explore the diverse array of techniques employed by attackers to break out of containerized environments. Drawing insights from notable incidents and vulnerabilities, we will examine the implications of container escapes on system integrity, data confidentiality, and overall security posture. Moreover, we'll discuss mitigation strategies and best practices for hardening Kubernetes infrastructures against potential exploits. Whether you're a seasoned security professional, a DevOps enthusiast, this talk promises to be an insightful exploration into the evolving landscape of cybersecurity within containerized environments. Join us as we uncover the mysteries of container escapes.

Compromising AI infrastructure can have devastating consequences, making it a prime target for attackers. Often, a simple misconfiguration or vulnerability in AI applications is all it takes to compromise the entire system. Many developers are not fully aware of the threat landscape and end up deploying vulnerable AI infrastructures. Traditional pentesting tools like DVWA and bWAPP have helped the infosec community understand popular web attack vectors, but there is a gap when it comes to AI environments. In this talk, we introduce AI Goat, a deliberately vulnerable AI infrastructure featuring vulnerabilities based on the OWASP AI Top 10. AI Goat mimics real-world AI applications but includes added vulnerabilities, providing security enthusiasts and pen-testers with an easy-to-deploy and destroy platform to learn how to identify and exploit AI vulnerabilities. The deployment scripts will be open-source and available after the talk.

This session equips participants with the methodology and knowledge to proactively manage risks and improve the security posture of their AI systems. Threat modeling is a systematic approach to identifying potential threats and vulnerabilities in a system. This session will delve into threat modeling for AI systems, and how it differs from traditional applications. Participants will learn what threat modeling is & isn’t, including an overview of terms & methodologies, and then dive into how threat modeling for AI actually works. The presenter is part of the OWASP AI Exchange team of experts who developed the OWASP AI Exchange threat framework, and has extensive experience with threat modeling of mission-critical AI. With that knowledge and experience participants will be guided in applying the threat framework to various types of AI architectures, to cover AI attacks such as data poisoning and indirect prompt injection. 

OWASP Software Assurance Maturity Model (SAMM) Interactive Introduction and Update
Join project core members Aram and Sebastien for an engaging and interactive introduction and update on the OWASP Software Assurance Maturity Model (SAMM).

We will begin with a concise overview of SAMM's purpose and application in jumpstarting and accelerating your software assurance roadmap. This session will provide valuable insights and practical knowledge on leveraging SAMM effectively.

Tools and Assessment Guidance: Discover the range of SAMM tools available to support your software assurance efforts. We will explain the latest assessment guidance, providing you with the knowledge to utilize these tools to their fullest potential.

Mapping to Other Frameworks: Learn how SAMM can be mapped to other frameworks, such as the NIST Secure Software Development Framework (SSDF). This will enable you to leverage SAMM for demonstrating compliance and enhancing your software security posture.

Benchmark yourself against peers: The OWASP SAMM Benchmark enables organizations to anonymously compare their software security practices against industry peers, providing insights to identify improvement areas, prioritize security efforts, and track progress over time.

Since its launch in May 2023, the OWASP Top 10 for Large Language Models (LLMs) project has gained remarkable traction across various sectors, including mainstream commercial entities, government agencies, and media outlets. This project addresses the rapidly growing field of LLM applications, emphasizing the critical importance of security in AI development. Our work has resonated deeply within the community, leading to widespread adoption and integration of the Top 10 list into diverse AI frameworks and guidelines.


As we advance into the development of version 2 (v2) of the OWASP Top 10 for LLMs, this session will provide a comprehensive update on the progress made so far. Attendees will gain insights into how version 1 (v1) has been embraced by the wider community, including practical applications, case studies, and testimonials from key stakeholders who have successfully implemented the guidelines.


The session will dive into several key areas:

Adoption and Impact of v1: 

• Overview of how v1 has been utilized in various sectors.
  
• Case studies showcasing the integration of the Top 10 list into commercial, governmental, and academic projects.
  
• Feedback from users and organizations on the effectiveness and relevance of the list.
  

Progress on v2 Development: 

• An in-depth look at the ongoing development process for v2.
  
• Key changes and updates from v1 to v2, reflecting the evolving landscape of LLM security challenges.
  
• Methodologies and criteria used to refine and expand the list.
  

Community Involvement and Contributions: 

• Ways in which the community can get involved in the project.
  
• Opportunities for contributing to the development of v2, including participation in working groups, submitting case studies, and providing feedback.
  
• Upcoming events, webinars, and collaboration opportunities for those interested in shaping the future of LLM security.
  

Future Directions and Goals: 

• Long-term vision for the OWASP Top 10 for LLMs project.
  
• Strategic goals for enhancing the list’s impact and reach.
  
• Exploration of potential new areas of focus, such as emerging threats and mitigation strategies.
  

Attendees will leave this session with a clear understanding of the significant strides made since the project’s inception and the vital role it plays in ensuring secure AI application development. Additionally, they will be equipped with the knowledge and resources to actively participate in and contribute to the ongoing evolution of the OWASP Top 10 for LLMs.

This session is ideal for developers, security professionals, AI researchers, and anyone interested in the intersection of AI and cybersecurity. Join us to learn more about this critical initiative and discover how you can play a part in advancing the security of large language models.


By attending this session, participants will gain actionable insights and practical guidance on integrating the OWASP Top 10 for LLMs into their projects, ensuring robust security measures are in place to address the unique challenges posed by AI technologies.

There is some debate as to how SBOMs can enhance vulnerability management practices, and some believe that collecting SBOMs from internal teams or suppliers is too difficult and time-consuming. Learn how one company has collected thousands of our product SBOMs and how we are leveraging the SBOMs as part of our corporate product CERT to quickly analyze and focus our attention when time is of importance. This presentation describes how we modified our policies and processes to collect, generate, and store thousands of SBOMs. You will hear how we have leveraged SBOMs during the Log4j and OpenSSL vulnerability events. Then we will conclude with key learnings, suggestions, and opportunities for improvement.

The complexity of the cybersecurity landscape, compounded by evolving frameworks and compliance regulations, necessitates a clear understanding of how different standards align and relate to each other. Mappings between standards have been our solution so far, but manual mappings are a slow, labour intensive process. The OWASP OpenCRE project aims to remediate this issue.


This presentation explores the current state of standard mappings, comparing traditional manual methods with the innovative OpenCRE solution. It highlights the benefits and limitations of each approach and shares insights from our experiences using OpenCRE. We also investigate a novel approach combining manual mappings with OpenCRE to extend mappings to standards outside OpenCRE.


Key concepts of mappings such as purpose, target audience, and relationship types are examined. We discuss how these elements help organisations align different guidelines and best practices. While OpenCRE supports various relationship types and offers a fast, automated alternative to manual mappings, it has limitations. This is illustrated by comparing the SAMM -> SSDF mapping generated with OpenCRE to the direct manual mapping approved by NIST.


Proposed solutions include improving the quality of OpenCRE mappings by involving standards & regulations bodies (NIST, ISO, etc.) and using OpenCRE as a foundation for expert-reviewed and validated mappings. A specific example showcases how mappings can facilitate compliance efforts, by using SAMM to infer compliance with other frameworks.


In conclusion, mappings are crucial for aligning standards and frameworks, serving as guidelines rather than definitive proofs of compliance. Despite technological advancements, expert involvement remains essential for creating high-quality mappings. Investing in these mappings can streamline security and compliance efforts, making processes more robust and reducing the burden on security professionals.