├── .gitignore ├── 0.1 ├── Makefile ├── en │ ├── 0x00-Header.yaml │ ├── 0x01-Frontispiece.md │ ├── 0x02-Preface.md │ ├── 0x03-Using-ASVS.md │ ├── 0x04-Assessment_and_Certification.md │ ├── 0x10-V1-Configuration.md │ ├── 0x11-V2-Model-Lifecycle.md │ ├── 0x12-V3-Realtime-Training.md │ ├── 0x13-V4-Model-Memory-and-Storage.md │ ├── 0x14-V5-Secure-LLM-Integration.md │ ├── 0x15-V6-Agent-and-Plugins.md │ ├── 0x16-V7-Dependency-and-Component-Security.md │ ├── 0x17-V8-Monitoring-and-Anomaly-Detection.md │ ├── 0x18-V9-Model-Context-Protocol.md │ └── 0x90-Appendix-A_Glossary.md ├── images │ ├── lakera-logo.png │ ├── license.png │ ├── owaspLogo.png │ ├── owasp_logo_1c_notext.png │ ├── owasp_logo_header.png │ └── snyk-logo.png ├── templates │ ├── eisvogel.tex │ ├── header-eisvogel.tex │ └── reference.docx └── tools │ ├── __pycache__ │ ├── asvs.cpython-310.pyc │ ├── cyclonedx.cpython-310.pyc │ └── llmsvs.cpython-310.pyc │ ├── cyclonedx.py │ ├── export.py │ ├── generate_document.sh │ ├── install_deps.sh │ └── llmsvs.py ├── 404.html ├── COMPILING.md ├── CONTRIBUTING.md ├── Gemfile ├── LICENSE.md ├── README.md ├── SECURITY.md ├── SUPPORTERS.md ├── _config.yml ├── assets └── images │ ├── lakera-logo.png │ └── snyk-logo.png ├── docker └── Dockerfile ├── index.md ├── info.md ├── leaders.md └── release.md /.gitignore: -------------------------------------------------------------------------------- 1 | /Gemfile 2 | /Gemfile.lock 3 | /favicon.ico 4 | _site/ 5 | -------------------------------------------------------------------------------- /0.1/Makefile: -------------------------------------------------------------------------------- 1 | PROJDIR=$(realpath $(CURDIR)) 2 | BUILDDIR=build 3 | DISTDIR=dist 4 | TOOLSDIR=tools 5 | TEMPLATEDIR=templates 6 | TARGETNAME=OWASP_Large_Language_Model_Security_Verification_Standard-0.1_ 7 | 8 | LANGDIRS=en #fr 9 | # Add the language directories to the project directory 10 | # Create build and dist directories and language subdirectories 11 | 
BUILDDIR=$(PROJDIR)/build 12 | DISTDIR=$(PROJDIR)/dist 13 | SOURCEDIR=$(PROJDIR) 14 | 15 | SOURCE_FOLDERS := $(foreach lang, $(LANGDIRS), $(SOURCEDIR)/$(lang)) 16 | BUILD_FOLDERS := $(foreach lang, $(LANGDIRS), $(BUILDDIR)/$(lang)) 17 | DIST_FOLDERS := $(foreach lang, $(LANGDIRS), $(DISTDIR)/$(lang)) 18 | SOURCE_FILES := $(foreach lang, $(LANGDIRS), $(shell find $(SOURCEDIR)/$(lang) -type f -name "*.md")) 19 | BUILD_FILES := $(patsubst $(SOURCEDIR)/%, $(BUILDDIR)/%, $(SOURCE_FILES)) 20 | 21 | MD_FILES := $(foreach lang, $(LANGDIRS), $(DISTDIR)/$(lang)/source_$(lang).md) 22 | PDF_FILES := $(foreach lang, $(LANGDIRS), $(DISTDIR)/$(lang)/$(TARGETNAME)$(lang).pdf) 23 | TEX_FILES := $(foreach lang, $(LANGDIRS), $(DISTDIR)/$(lang)/$(TARGETNAME)$(lang).tex) 24 | DOCX_FILES := $(foreach lang, $(LANGDIRS), $(DISTDIR)/$(lang)/$(TARGETNAME)$(lang).docx) 25 | ODT_FILES := $(foreach lang, $(LANGDIRS), $(DISTDIR)/$(lang)/$(TARGETNAME)$(lang).odt) 26 | JSON_FILES := $(foreach lang, $(LANGDIRS), $(DISTDIR)/$(lang)/$(TARGETNAME)$(lang).json) 27 | JSON_CDX_FILES := $(foreach lang, $(LANGDIRS), $(DISTDIR)/$(lang)/$(TARGETNAME)$(lang).cdx.json) 28 | JSON_FLAT_FILES := $(foreach lang, $(LANGDIRS), $(DISTDIR)/$(lang)/$(TARGETNAME)$(lang).flat.json) 29 | CSV_FILES := $(foreach lang, $(LANGDIRS), $(DISTDIR)/$(lang)/$(TARGETNAME)$(lang).csv) 30 | XML_FILES := $(foreach lang, $(LANGDIRS), $(DISTDIR)/$(lang)/$(TARGETNAME)$(lang).xml) 31 | 32 | #TARGETS=$(addprefix $(DISTDIR)/,$(wildcard $(SOURCES))) 33 | TARGETS=$(addprefix $(BUILDDIRS)/,$(wildcard $(SOURCE_FILES))) 34 | EXPORT_TOOL=$(TOOLSDIR)/export.py 35 | 36 | # Change LaTeX engine 37 | PANDOC_MD_FLAGS=-f gfm -s -t markdown 38 | 39 | PANDOC_PDF_FLAGS=-f markdown -s -t latex --pdf-engine=xelatex 40 | 41 | PANDOC_TEX_FLAGS=-f markdown -s -t latex 42 | 43 | PANDOC_DOCX_FLAGS= -s \ 44 | -t docx \ 45 | -f markdown \ 46 | --toc \ 47 | --columns 10000 \ 48 | --reference-doc=./templates/reference.docx 49 | 50 | PANDOC_ODT_FLAGS= -s \ 51 | -t odt 
\ 52 | -f markdown \ 53 | --toc \ 54 | --columns 10000 \ 55 | --reference-doc=./templates/reference.odt 56 | 57 | .PHONY: md pdf docx json json_flat cdx_json csv xml odt tex clean rm-build rm-dist 58 | 59 | all: $(TARGETS) pdf docx json json_flat cdx_json csv xml rm-build 60 | 61 | $(BUILDDIR): 62 | mkdir -p $@ 63 | 64 | $(DISTDIR): 65 | mkdir -p $@ 66 | 67 | # transform origin md files. needed by the next stages 68 | $(BUILDDIR)/%.md: $(SOURCE_FILES) $(BUILD_FOLDERS) $(BUILDDIR) 69 | sed -E 's#(\| ?)([0-9]{1,4})( ?\|)#\1[\2](https://cwe.mitre.org/data/definitions/\2.html)\3#; s#^(\| :?---:? \| :?)---( .*)#\| :-----: \| :---------------------------------------------------\2#; s#.(./images/)#\1#; s#(\\)([rntv])#\\escape{\2}#g' $(patsubst $(BUILDDIR)/%, $(SOURCEDIR)/%, $@) > $@ 70 | echo "\newpage" >> $@ 71 | 72 | $(DIST_FOLDERS): $(DISTDIR) 73 | echo $@ 74 | mkdir -p $@ 75 | 76 | $(BUILD_FOLDERS): $(BUILDDIR) 77 | echo $@ 78 | mkdir -p $@ 79 | 80 | $(MD_FILES): $(BUILD_FILES) $(DIST_FOLDERS) $(BUILD_FOLDERS) 81 | mkdir -p $(@D) 82 | pandoc $(PANDOC_MD_FLAGS) -o $@ $(patsubst $(DISTDIR)/%, $(BUILDDIR)/%, $@) 83 | sed -Ei 's#../images/#./images/#' $@ 84 | md: $(MD_FILES) 85 | echo $(MD_FILES) 86 | 87 | $(PDF_FILES): $(BUILD_FOLDERS) $(TARGETS) $(DIST_FOLDERS) transform-md 88 | pandoc $(PANDOC_PDF_FLAGS) --include-in-header=$(TEMPLATEDIR)/header-eisvogel.tex -o $@ --template $(TEMPLATEDIR)/eisvogel.tex $(subst dist,build,$(@D)/*.md) $(subst dist,,$(@D)/0x00-Header.yaml) 89 | pdf: $(PDF_FILES) 90 | 91 | $(TEX_FILES): $(BUILD_FOLDERS) $(TARGETS) $(DIST_FOLDERS) 92 | pandoc $(PANDOC_TEX_FLAGS) --include-in-header=$(TEMPLATEDIR)/header-eisvogel.tex -o $@ --template $(TEMPLATEDIR)/eisvogel.tex $(subst dist,build,$(@D)/*.md) $(subst dist,,$(@D)/0x00-Header.yaml) 93 | tex: $(TEX_FILES) 94 | 95 | $(DOCX_FILES): $(BUILD_FOLDERS) $(TARGETS) $(DIST_FOLDERS) 96 | pandoc $(PANDOC_DOCX_FLAGS) -o $@ $(subst dist,build,$(@D)/*.md) $(subst dist,,$(@D)/0x00-Header.yaml) 97 | docx: 
$(DOCX_FILES) 98 | 99 | $(ODT_FILES): $(BUILD_FOLDERS) $(TARGETS) $(DIST_FOLDERS) 100 | pandoc $(PANDOC_ODT_FLAGS) -o $@ $(subst dist,build,$(@D)/*.md) --metadata-file=$(SOURCEDIR)/0x00-Header.yaml 101 | odt: $(ODT_FILES) 102 | 103 | $(JSON_FILES): $(SOURCE_FOLDERS) $(DIST_FOLDERS) 104 | python3 $(EXPORT_TOOL) --format json --language "$(subst dist,,$(@D))" > $@ 105 | json: $(JSON_FILES) 106 | 107 | $(JSON_FLAT_FILES): $(SOURCE_FOLDERS) $(DIST_FOLDERS) 108 | python3 $(EXPORT_TOOL) --format json_flat --language "$(subst dist,,$(@D))" > $@ 109 | json_flat: $(JSON_FLAT_FILES) 110 | 111 | $(JSON_CDX_FILES): $(SOURCE_FOLDERS) $(DIST_FOLDERS) 112 | python3 $(EXPORT_TOOL) --format cdx_json --language "$(subst dist,,$(@D))" > $@ 113 | cdx_json: $(JSON_CDX_FILES) 114 | 115 | $(CSV_FILES): $(SOURCE_FOLDERS) $(DIST_FOLDERS) 116 | python3 $(EXPORT_TOOL) --format csv --language "$(subst dist,,$(@D))" > $@ 117 | csv: $(CSV_FILES) 118 | 119 | $(XML_FILES): $(SOURCE_FOLDERS) $(DIST_FOLDERS) 120 | python3 $(EXPORT_TOOL) --format xml --language "$(subst dist,,$(@D))" > $@ 121 | xml: $(XML_FILES) 122 | 123 | rm-build: $(BUILDDIR) 124 | rm -rf $(BUILDDIR) 125 | 126 | rm-dist: $(DIST_FOLDERS) 127 | rm -rf $(DIST_FOLDERS) 128 | 129 | clean: rm-build rm-dist 130 | 131 | transform-md: $(BUILD_FILES) 132 | -------------------------------------------------------------------------------- /0.1/en/0x00-Header.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | title: "LLM Security Verification Standard 0.0.1" 3 | subtitle: "Bleeding Edge Version" 4 | date: 2024 5 | titlepage: true 6 | titlepage-rule-height: 0 7 | titlepage-logo: "images/owasp_logo_1c_notext.png" 8 | table-use-row-colors: true 9 | toc: true 10 | toc-own-page: true 11 | geometry: "left=2cm,right=2cm,top=3cm,bottom=3cm" 12 | CJKmainfont: "Noto Sans CJK JP" 13 | mainfont: "Source Serif 4" 14 | sansfont: "Source Sans 3" 15 | --- 16 | 17 | 
-------------------------------------------------------------------------------- /0.1/en/0x01-Frontispiece.md: -------------------------------------------------------------------------------- 1 | # Frontispiece 2 | 3 | ## About the Standard 4 | 5 | The Large Language Model Security Verification Standard is a list of specific AI and LLM security requirements or tests that can be used by architects, developers, testers, security professionals, tool vendors, and consumers to define, build, test and verify secure LLM driven applications. 6 | 7 | ## Copyright and License 8 | 9 | Version 0.0.1 (Bleeding Edge version), 2024 10 | 11 | ![license](../images/license.png) 12 | 13 | Copyright © 2008-2024 The OWASP Foundation. This document is released under the [Creative Commons Attribution-ShareAlike 4.0 International License](https://creativecommons.org/licenses/by-sa/4.0/). For any reuse or distribution, you must make clear to others the license terms of this work. 14 | 15 | ## Project Leads 16 | 17 | | | | | 18 | |---------------------- |----------------- |------------ | 19 | | Vandana Sehgal | Elliot Ward | | 20 | 21 | ## Other Contributors and Reviewers 22 | 23 | | | | | | | 24 | |---------------- |------------------ |--------------------- |-------------------- |--------------------- | 25 | | Eric Allen (Lakera) | Frawa Vetterli (Lakera) | Rory McNamara (Snyk) | Raul Onitza-Klugman (Snyk) |Moshe Ben-Nehemia (Snyk)| 26 | | Sam Watts (Lakera) | | | | | 27 | 28 | If a credit is missing from the 0.0.1 credit list above, please log a ticket at GitHub to be recognized in future 0.x updates. 29 | 30 | The Large Language Model Security Verification Standard is built upon the initial research performed into LLM security by the Snyk Security labs team in 2023. Much of the concept, structure, boilerplate and tooling for the LLMSVS has been adapted from the OWASP ASVS project. Thank you to all those previously involved in the OWASP ASVS. 
31 | 32 | ## Major Supporters and Sponsors 33 | This initiative would not have been possible without the support of our sponsors and the resources they have provided. We would like to express our gratitude to the following for their support. 34 | 35 | ### Snyk 36 | ![](../images/snyk-logo.png) 37 | 38 | The LLMSVS project was founded as a way to share some of the knowledge gained from research into AI and LLM projects within the Snyk Security Labs team. We thank Snyk for the effort into eliciting the initial requirements and founding the project. 39 | 40 | 41 | ### Lakera 42 | ![](../images/lakera-logo.png) 43 | 44 | Lakera, a security company that empowers developers to confidently build secure Generative AI applications, reviewed and proofread an early draft of this standard, providing guidance based on their expertise with model lifecycle security and secure LLM integration. 45 | -------------------------------------------------------------------------------- /0.1/en/0x02-Preface.md: -------------------------------------------------------------------------------- 1 | # Preface 2 | Welcome to the first alpha release of the OWASP Large Language Model Security Verification Standard (LLMSVS), which provides a framework for evaluating the security of applications and systems that integrate Large Language Models (LLMs). 3 | 4 | The LLMSVS aims to offer clear and practical guidelines that apply universally and assist developers, architects, security professionals, vendors, and researchers in securing LLM-powered systems. 5 | 6 | The LLMSVS is the result of a collaborative effort drawing on the expertise of professionals across various sectors. It addresses the unique security challenges presented by LLMs, focusing on functional and non-functional security aspects. 
This alpha release lays the foundation for an adapting set of guidelines shaped by ongoing feedback and the changing dynamics of LLMs, emerging Artificial Intelligence (AI) technologies, and advances in cybersecurity. 7 | 8 | This release creates a starting point for discussing and improving the verification standard. This standard is not final and will evolve based on contributions from the community and advancements in the field. We recognize that there is no one-size-fits-all security solution, especially in a field as emergent as AI, and we anticipate the need for regular updates and refinements. 9 | 10 | This alpha release invites the broader community to participate in developing and enhancing the LLMSVS. We value the diverse perspectives and expertise each participant brings to this project. Your feedback and contributions are crucial to ensuring the standard remains relevant and practical. 11 | 12 | We’d like to thank the contributors for their valuable input and look forward to your continued support and involvement in developing the LLMSVS. 13 | -------------------------------------------------------------------------------- /0.1/en/0x03-Using-ASVS.md: -------------------------------------------------------------------------------- 1 | # Utilizing the LLMSVS 2 | The OWASP LLMSVS serves several key purposes: 3 | 4 | - **Assisting Development Teams**: guide teams in developing and maintaining secure LLM-powered applications. 5 | 6 | - **Framework for Security Teams**: assist security teams in setting requirements, guiding security audits, and conducting penetration tests against LLM-powered systems. 7 | 8 | - **Aligning Security Benchmarks**: establish a common ground for security service providers, vendors, and clients regarding security expectations. 9 | 10 | ## Security Verification Layers 11 | The LLMSVS categorizes security verification into three distinct levels, each tailored to different levels of security assurance: 12 | 13 | 1. 
**LLMSVS Level 1 - Basic Security**: This level is aimed at applications with lower security risk and focuses on fundamental security controls for any LLM-powered system. 14 | 15 | 2. **LLMSVS Level 2 - Moderate Security**: This level is ideal for applications handling sensitive data, offering a balanced approach to security that meets the needs of most applications. These applications may range from personal assistants, APIs processing customer data, or systems processing internal company data. 16 | 17 | 3. **LLMSVS Level 3 - High Assurance Security**: This level provides the most extensive security measures for the most critical applications involving sensitive data or high-value transactions. These applications may range from business critical applications that are essential for business operation, systems which handle financial transactions, or systems which fall under specific industry regulations such as those which process patient or healthcare data. 18 | 19 | Each level of the LLMSVS provides a set of specific security requirements, mapping these to essential security features and practices necessary for building and operating robust LLM-powered applications. This approach equips developers, architects, and security professionals with practical and actionable guidelines. Whether building, enhancing, or evaluating the security of these applications, the LLMSVS provides a clear roadmap for all stakeholders involved in the life cycle of LLM-powered systems. 20 | 21 | ## Assumptions 22 | When utilizing the LLMSVS, it's important to keep in mind the following assumptions: 23 | 24 | - The LLMSVS is not a replacement for adhering to secure development best practices, such as secure coding or a Secure Software Development Life Cycle (SSDLC). These practices should be integrally adopted throughout your development efforts, with the LLMSVS serving to augment them specifically for LLM-powered applications. 
25 | 26 | - The LLMSVS is not intended to substitute for comprehensive risk assessments or in-depth security reviews. Rather, it serves as a guide to address potential security vulnerabilities specific to LLM-powered applications. Employing the LLMSVS should complement, not replace, these crucial security practices to ensure a more thorough evaluation and mitigation of risks. 27 | 28 | While the LLMSVS offers a comprehensive framework for enhancing the security of LLM-powered applications, it cannot ensure complete security. It should be viewed as a foundational set of security requirements, with additional protective measures taken as needed to mitigate specific LLM risks and threats. 29 | -------------------------------------------------------------------------------- /0.1/en/0x04-Assessment_and_Certification.md: -------------------------------------------------------------------------------- 1 | # Assessment and Certification 2 | 3 | ## OWASP's Stance on LLMSVS Certifications and Trust Marks 4 | 5 | OWASP, as a vendor-neutral not-for-profit organization, does not currently certify any vendors, verifiers or software. 6 | 7 | All such assurance assertions, trust marks, or certifications are not officially vetted, registered, or certified by OWASP, so an organization relying upon such a view needs to be cautious of the trust placed in any third party or trust mark claiming (LLM)SVS certification. 8 | 9 | This should not inhibit organizations from offering such assurance services, as long as they do not claim official OWASP certification. 10 | 11 | ## Guidance for Certifying Organizations 12 | 13 | For Large Language Model Security Verification Standard (LLMSVS) compliance, an "open book" review is recommended, granting assessors access to essential resources such as system architects, developers, project documentation, source code, and authenticated interfaces, including access to at least one account for each user role.
14 | 15 | It is important to note that the LLMSVS only covers the security requirements pertaining to LLM usage and integration. It does not cover general application security controls (e.g., web services) which are not specific to an LLM-powered system. Any additional systems and non-LLM properties should be verified against appropriate standards, such as the [OWASP ASVS](https://owasp.org/www-project-application-security-verification-standard/). 16 | 17 | Certification reports should clearly define the verification scope, particularly noting any exclusions, and summarize findings with details on both passed and failed tests, including guidance for addressing failures. Industry-standard practice requires detailed documentation of the verification process, including work papers, screenshots, scripts for issue replication, and electronic testing records such as proxy logs. Automated tool results alone are insufficient; documentation must provide conclusive evidence of thorough and rigorous testing of all controls. In case of disputes, sufficient evidence should be present to verify that each verified control has indeed been tested. -------------------------------------------------------------------------------- /0.1/en/0x10-V1-Configuration.md: -------------------------------------------------------------------------------- 1 | # V1. Secure Configuration and Maintenance 2 | 3 | ## Control Objective 4 | Ensure that LLMs, hosted by a model provider or self-hosted, are configured and maintained securely to prevent unauthorized access and leakage of sensitive information. 5 | 6 | | # | Requirement | L1 | L2 | L3 | 7 | | - | ---------- | -- | -- | -- | 8 | | 1.1 | Identify any components that store secrets, like API keys, for third-party systems, like hosted LLMs and vector databases, and ensure the secure handling of these credentials according to section V2.10 “Service Authentication” of the OWASP ASVS.
| | ✓ | ✓ | 9 | | 1.2 | For self-hosted LLMs, ensure they are appropriately segregated within the network to prevent direct exposure to end-users unless such access is required. | | ✓ | ✓ | 10 | | 1.3 | Maintain an up-to-date inventory of all LLM instances and apply regular updates and patches to self-hosted models. | | | ✓ | 11 | | 1.4 | Perform and document regular configuration reviews for configuration settings associated with the LLM-powered system. | | | ✓ | 12 | -------------------------------------------------------------------------------- /0.1/en/0x11-V2-Model-Lifecycle.md: -------------------------------------------------------------------------------- 1 | # V2. Model Lifecycle 2 | 3 | ## Control Objective 4 | Ensure that the Machine Learning (ML) lifecycle for models used within LLM-powered systems considers the various security threats from dataset curation, model training, and validation. 5 | 6 | | # | Requirement | L1 | L2 | L3 | 7 | | - | ---------- | -- | -- | -- | 8 | | 2.1 | Ensure that the lifecycle of machine learning models is integrated into the existing Secure Software Development Lifecycle (SSDLC). Defined processes should exist and be available for each stage of the lifecycle of ML models. | | ✓ | ✓ | 9 | | 2.2 | Document user stories defining the requirements and use cases for any new ML model being produced. | | ✓ | ✓ | 10 | | 2.3 | Ensure that model training resources and datasets are acquired from trustworthy sources and validated for correctness or free from malicious data. | ✓ | ✓ | ✓ | 11 | | 2.4 | Ensure that model training resources and datasets are properly secured from unauthorized modification once acquired. | | ✓ | ✓ | 12 | | 2.5 | Ensure that the source of any training resources and datasets is documented. | | | ✓ | 13 | | 2.6 | Ensure that any data cleaning or other modifications to the original training resources are tracked and auditable to reduce the risk of data poisoning from an insider threat. 
| | | ✓ | 14 | | 2.7 | Ensure that the intellectual property rights of model training resources and datasets are checked to avoid potential license or copyright infringement issues. Ensure this process is documented and auditable. | ✓ | ✓ | ✓ | 15 | | 2.8 | Ensure that model training resources are audited for sensitive data (such as PII, internal company data, etc.) and cleaned before training to mitigate sensitive data exposure in model responses. | | ✓ | ✓ | 16 | | 2.9 | Ensure secure acquisition and storage of foundational or pre-trained models. | ✓ | ✓ | ✓ | 17 | | 2.10 | Where possible, prefer secure model formats such as SafeTensors over formats that use unsafe serialization, like PyTorch’s Pickle format. | ✓ | ✓ | ✓ | 18 | | 2.11 | Ensure that foundational models are fine-tuned to limit irrelevant data points which may lead to poor model performance. | | ✓ | ✓ | 19 | | 2.12 | Check regulatory obligations to ensure compliance when handling and processing model training data. | | ✓ | ✓ | 20 | | 2.13 | Ensure that an ML Bill-of-Materials (BOM) is produced for each model. | | | ✓ | 21 | | 2.14 | Consider watermarking techniques for model responses when model theft is a concern, or the output of the model needs to be identifiable. | | | ✓ | 22 | | 2.15 | Ensure that tooling to detect biases and ensure fairness is integrated into the ML model lifecycle. | | ✓ | ✓ | 23 | | 2.16 | Ensure that security tooling to detect LLM vulnerabilities such as injection attacks, jailbreak attempts and other abuse is integrated into the ML model lifecycle. | | ✓ | ✓ | 24 | | 2.17 | Before a model is finalized for deployment, conduct a thorough risk assessment to understand potential security, ethical, and operational risks. This assessment should guide the decision-making process regarding the deployment of the model. | | | ✓ | 25 | | 2.18 | Ensure there is a clear plan for decommissioning models that are no longer in use.
This includes securely erasing data, model parameters, and any sensitive information associated with the model to prevent unauthorized access or misuse. | | | ✓ | 26 | -------------------------------------------------------------------------------- /0.1/en/0x12-V3-Realtime-Training.md: -------------------------------------------------------------------------------- 1 | # V3. Real Time Learning 2 | 3 | ## Control Objective 4 | Establish controls to reduce the risks associated with real time learning within LLM systems, where the models are continuously fine-tuned based on user interactions in real time. 5 | 6 | | # | Requirement | L1 | L2 | L3 | 7 | | - | ---------- | -- | -- | -- | 8 | | 3.1 | Define clear terms of use and guidelines for interacting with the model and make users aware of acceptable and unacceptable behaviors. | ✓ | ✓ | ✓ | 9 | | 3.2 | Ensure continuous monitoring of the model's performance and interactions. This includes logging all inputs and outputs (where appropriate, with consideration to the potential sensitivity of the data) in real time to quickly identify and address any inappropriate or unexpected behavior. | | ✓ | ✓ | 10 | | 3.3 | Create clear protocols for immediate intervention in case the model starts displaying undesirable behavior. This should include the ability to quickly take the system offline if necessary. | | | ✓ | 11 | | 3.4 | Regularly analyze user interactions to identify and mitigate attempts to manipulate the model into inappropriate behavior. | | | ✓ | 12 | | 3.5 | Consider using an incremental learning approach where the model can be updated in increments with human approval. | | | ✓ | 13 | -------------------------------------------------------------------------------- /0.1/en/0x13-V4-Model-Memory-and-Storage.md: -------------------------------------------------------------------------------- 1 | # V4. 
Model Memory and Storage 2 | 3 | ## Control Objective 4 | Ensure that mechanisms which allow for “memory” or additional knowledge that was not included in the training phase are safely handled. 5 | 6 | | # | Requirement | L1 | L2 | L3 | 7 | | - | ---------- | -- | -- | -- | 8 | | 4.1 | Ensure that mechanisms that implement “Conversational memory” do not mistakenly mix up prior prompts for other users. | ✓ | ✓ | ✓ | 9 | | 4.2 | Ensure that mechanisms which support “long-term” storage appropriately segregate user data to ensure it is not possible to retrieve data pertaining to other users, or inject false records for other users. | ✓ | ✓ | ✓ | 10 | | 4.3 | Ensure that controls exist to detect leakage of sensitive data from internal knowledge bases provided as additional context to the LLM. It should not be possible to coerce the LLM into leaking the contents of the knowledge base. | | ✓ | ✓ | 11 | | 4.4 | Ensure that external storage components such as vector databases and caches require authentication for consumers. | ✓ | ✓ | ✓ | 12 | | 4.5 | Enforce the principle of least privilege for accessing production storage components, such as vector databases and caches. | | ✓ | ✓ | 13 | | 4.6 | When updating embeddings within a knowledge base, ensure that an adversary is not able to inject arbitrary documents or otherwise insert false information into the knowledge base. | ✓ | ✓ | ✓ | 14 | -------------------------------------------------------------------------------- /0.1/en/0x14-V5-Secure-LLM-Integration.md: -------------------------------------------------------------------------------- 1 | # V5. Secure LLM Integration 2 | 3 | ## Control Objective 4 | Establish controls that enable safe interactions and operations between application components and LLMs. 5 | 6 | | # | Requirement | L1 | L2 | L3 | 7 | | - | ---------- | -- | -- | -- | 8 | | 5.1 | Ensure that prompts to LLMs are issued from a trusted server-side component.
| ✓ | ✓ | ✓ | 9 | | 5.2 | Ensure that prompts to LLMs are constructed server-side, rather than accepting the complete prompt directly from the client. | ✓ | ✓ | ✓ | 10 | | 5.3 | Consider the use of redundant LLM accounts and providers to avoid single points of failure and ensure application availability. | | | ✓ | 11 | | 5.4 | Ensure that credentials for LLM providers are securely handled according to section V2.10 “Service Authentication” of the OWASP ASVS. | | ✓ | ✓ | 12 | | 5.5 | Ensure that the output format and properties of the data returned from the LLM match the expected structure and properties. Specifically, when a response is expected in JSON, the result should not only be in valid JSON format, but also undergo schema validation to ensure it contains all the expected JSON fields and does not include any unnecessary or extraneous properties. | ✓ | ✓ | ✓ | 13 | | 5.6 | Ensure that the output language of the LLM response matches the expected language. | | ✓ | ✓ | 14 | | 5.7 | Consider using canary tokens in LLM prompts and check whether LLM completions contain the canary word to detect prompt leakage attacks. | | | ✓ | 15 | | 5.8 | Check the entropy of LLM responses to detect encoded data which aims to circumvent additional checks, such as bypassing canary tokens. | | | ✓ | 16 | | 5.9 | Perform length checks on LLM completions to verify that the response length is within an expected range. For example, a response that is significantly longer than the normal output length might indicate the completion is including additional, unexpected data. | | | ✓ | 17 | | 5.10 | Ensure that the application properly suppresses any exceptions and error messages when interacting with the LLM. LLM errors may inadvertently leak the prompt and should not be visible to the client. | ✓ | ✓ | ✓ | 18 | | 5.11 | Ensure that appropriate LLM guards are used to scan prompts and completions to help detect potential prompt injection attacks.
| | ✓ | ✓ | 19 | | 5.12 | Ensure that all prompts are considered to be untrusted and subjected to any deployed security controls. Reflecting stored data, data from third-party APIs, or the response from previous prompt completions may lead to indirect prompt injections and must be subjected to the same controls as prompts containing direct user input. | | ✓ | ✓ | 20 | | 5.13 | Ensure that the output of LLM completions is considered to be untrusted by any subsequent system. For example, if using the LLM response within a SQL query, the query should not be constructed by concatenating parts of the LLM response but should follow section V5.3.4 of the OWASP ASVS and use parameterized queries. | ✓ | ✓ | ✓ | 21 | | 5.14 | Ensure that systems that result in LLM calls have appropriate API rate limiting to avoid excessive calls to LLMs, which may result in unexpected and excessive LLM costs. | | ✓ | ✓ | 22 | | 5.15 | Ensure that cost alerts are active within LLM provider configurations to be alerted when costs exceed expectations. | ✓ | ✓ | ✓ | 23 | | 5.16 | Define baselines for normal LLM interactions and monitor and alert when abnormal LLM interactions are detected. | | | ✓ | 24 | | 5.17 | Ensure any functionality that allows anonymous users to preview features is properly restricted to allow only the necessary features. | | ✓ | ✓ | 25 | -------------------------------------------------------------------------------- /0.1/en/0x15-V6-Agent-and-Plugins.md: -------------------------------------------------------------------------------- 1 | # V6. Agents and Plugins 2 | 3 | ## Control Objective 4 | The autonomous nature of agent-based systems presents new risks and can increase the impact of attacks such as prompt injection. These controls aim to reduce the risk associated with autonomous LLM components to an acceptable level.
5 | 6 | | # | Requirement | L1 | L2 | L3 | 7 | | - | ---------- | -- | -- | -- | 8 | | 6.1 | Ensure that agent-based solutions only expose access to the agent tools and plugins required for the current task. When multiple agent-supported tasks exist, it should not be possible for a given task to leverage tools or plugins used by another task. | ✓ | ✓ | ✓ | 9 | | 6.2 | Ensure that custom plugins and agent tools follow existing SSDLC processes. | | ✓ | ✓ | 10 | | 6.3 | Ensure third-party plugins and toolkits are properly vetted according to existing third-party risk management processes. | | ✓ | ✓ | 11 | | 6.4 | Ensure that the parameters for agent tools and plugins are validated prior to execution. Typical checks should include type checks at minimum, in addition to any more specific validation. | | ✓ | ✓ | 12 | | 6.5 | Ensure that credentials for third-party services consumed by agent tools and plugins are securely handled according to section V2.10 “Service Authentication” of the OWASP ASVS. | | ✓ | ✓ | 13 | | 6.6 | Ensure that agent and plugin frameworks contain hooks that allow the raw prompts and completions to be intercepted, enabling LLM guards to operate, and enabling proper monitoring, troubleshooting, and auditing. | | ✓ | ✓ | 14 | | 6.7 | Ensure that custom-built plugins consider the scope of the currently authenticated principal. Plugins should not be able to access more than what the current principal is authorized to access. | | ✓ | ✓ | 15 | | 6.8 | Ensure that the host that executes agent tools and plugins is appropriately segregated from other internal components. Certain internal services might need to be queried, but firewall rules should enforce that unrelated services are not reachable. | | | ✓ | 16 | | 6.9 | Ensure that the host that executes agent tools and plugins is appropriately restricted from making arbitrary egress network requests.
Only traffic for required APIs and services should be allowed to help increase the difficulty of data exfiltration from autonomous agents. | | | ✓ | 17 | | 6.10 | Ensure that API tokens for third-party services are scoped to the minimum required by the agent or plugin. For example, an agent designed to read messages from a specific Slack channel should not be able to read messages from other channels or post messages. | | ✓ | ✓ | 18 | | 6.11 | Consider manual approval, sometimes referred to as “human in the loop,” for sensitive operations before autonomous agents can continue execution. | | | ✓ | 19 | | 6.12 | Ensure that agents are executed in a sand-boxed ephemeral environment to reduce the risk of agent prompts which result in code execution due to software defects. | | | ✓ | 20 | -------------------------------------------------------------------------------- /0.1/en/0x16-V7-Dependency-and-Component-Security.md: -------------------------------------------------------------------------------- 1 | # V7. Dependency and Component 2 | 3 | ## Control Objective 4 | Ensure that third-party components and dependencies are safely handled to reduce supply chain risk. 5 | 6 | | # | Requirement | L1 | L2 | L3 | 7 | | - | ---------- | -- | -- | -- | 8 | | 7.1 | Utilize Software Composition Analysis (SCA) tools to identify and remediate known vulnerabilities within third-party components used in LLM-powered applications. | | ✓ | ✓ | 9 | | 7.2 | Ensure that all third-party LLM components are acquired from a trusted source. | ✓ | ✓ | ✓ | 10 | | 7.3 | Ensure a defined vulnerability and patch management process exists for third-party components. | | ✓ | ✓ | 11 | | 7.4 | Ensure that a Software Bill of Materials (SBOM) exists cataloging third-party components, licenses, and versions. | | ✓ | ✓ | 12 | | 7.5 | Where unsafe PyTorch models are required, ensure the model is scanned for potentially dangerous Python imports. 
| | ✓ | ✓ | 13 | | 7.6 | When hosting LLM components within private package registries, ensure the setup is not susceptible to Dependency Confusion attacks. | | ✓ | ✓ | 14 | -------------------------------------------------------------------------------- /0.1/en/0x17-V8-Monitoring-and-Anomaly-Detection.md: -------------------------------------------------------------------------------- 1 | # V.8 Monitoring and Anomaly Detection 2 | 3 | ## Control Objective 4 | Continuously monitor the use of LLM-powered applications to detect anomalous behavior or outputs that could indicate security incidents or system misuse. 5 | 6 | | # | Requirement | L1 | L2 | L3 | 7 | | - | ---------- | -- | -- | -- | 8 | | 8.1 | Continuously monitor the usage patterns of LLM applications for anomalies that could indicate security incidents, such as unexpected spikes in usage or deviations from typical output patterns. | | ✓ | ✓ | 9 | | 8.2 | Establish logging and alerting mechanisms for events that could suggest prompt leaks, such as the appearance of canary tokens (see 5.7) in logs or unexpected language patterns. | | ✓ | ✓ | 10 | -------------------------------------------------------------------------------- /0.1/en/0x18-V9-Model-Context-Protocol.md: -------------------------------------------------------------------------------- 1 | # V.9 Model Context Protocol (MCP) Security 2 | 3 | ## Control Objective 4 | Ensure every MCP server, client and tool operates with strong authentication, least-privilege access, integrity assurance and continuous monitoring so that LLM integrations cannot be hijacked, abused or silently altered. 5 | 6 | | # | Requirement | L1 | L2 | L3 | 7 | | ---- | ----------- | -- | -- | -- | 8 | | 9.1 | Require mutual-TLS or signed access-tokens for every MCP client server connection to authenticate both sides. | ✓ | ✓ | ✓ | 9 | | 9.2 | Store OAuth / API credentials for MCP tools in a dedicated secrets-manager; never in plaintext configs or model context. 
| ✓ | ✓ | ✓ | 10 | | 9.3 | Enforce fine-grained, least-privilege permission scopes for each tool (e.g., read-only, no delete). | ✓ | ✓ | ✓ | 11 | | 9.4 | Maintain an allow-list of approved MCP servers with integrity-pinned hashes; block unknown or modified servers. | | ✓ | ✓ | 12 | | 9.5 | Validate & hash-pin tool descriptions; alert on any post-approval mutation (“tool-poisoning”). | | | ✓ | 13 | | 9.6 | Schema and type-validate every tool invocation and every argument before execution. | ✓ | ✓ | ✓ | 14 | | 9.7 | Scan tool descriptions, inputs and outputs for prompt-injection patterns and hidden directives before passing them to the model. | ✓ | ✓ | ✓ | 15 | | 9.8 | Apply rate-limits and resource quotas on each tool to mitigate DoS and runaway cost-spikes. | ✓ | ✓ | ✓ | 16 | | 9.9 | Require explicit human-in-the-loop approval for high-risk operations (financial transfers, file writes, privileged admin APIs). | | | ✓ | 17 | | 9.10 | Log every MCP call (caller, tool, parameters, result) and stream to SIEM; retain logs per data-retention policy. | ✓ | ✓ | ✓ | 18 | | 9.11 | Baseline normal tool-call patterns and raise alerts on anomalies (e.g., new tools, unusual volume, unusual time-of-day). | | | ✓ | 19 | | 9.12 | Run each MCP server in a sandboxed, network-segmented environment; block outbound traffic except whitelisted APIs. | | | ✓ | 20 | | 9.13 | Produce and maintain an SBOM for every MCP server, connector and library; remediate known CVEs within policy SLAs. | | ✓ | ✓ | 21 | | 9.14 | Conduct automated drift-detection and re-validation of MCP tool hashes, server manifests and OAuth permission scopes whenever a change is observed or at least every 30 days. | | | ✓ | 22 | | 9.15 | Adopt signed-update / notarisation mechanisms for MCP server binaries or containers to prevent supply-chain attacks. | | | ✓ | 23 | | 9.16 | Provide user-facing transparency UI showing which tools are exposed, when invoked and with which parameters. 
| ✓ | ✓ | ✓ | 24 | | 9.17 | Scan MCP server code with SAST tools (or equivalent) to detect and fix “classical” vulnerabilities (e.g., OS command injection) that could be triggered via prompt injection. | ✓ | ✓ | ✓ | 25 | -------------------------------------------------------------------------------- /0.1/en/0x90-Appendix-A_Glossary.md: -------------------------------------------------------------------------------- 1 | # Appendix A: Glossary 2 | 3 | * **Large Language Model (LLM)** – A type of artificial intelligence model designed to understand, generate, and interact with human language, based on vast amounts of text data. LLMs can perform a variety of language tasks like translation, summarization, and question answering. 4 | 5 | * **Prompt Injection** – A technique where an attacker intentionally crafts inputs (or "prompts") to manipulate or exploit the behavior of an LLM. This can involve inserting misleading, biased, or malicious information in a prompt to influence the model's output. 6 | 7 | * **LLM Agent** – A software entity or bot that utilizes a Large Language Model to perform tasks, answer queries, or interact in conversations, often designed to automate certain functions or provide user assistance. 8 | 9 | * **Model Poisoning** – A malicious attempt to influence or corrupt a machine learning model's training data, causing it to learn incorrect, biased, or harmful behaviors. 10 | 11 | * **Natural Language Processing (NLP)** – The field of computer science and artificial intelligence focused on enabling computers to understand, interpret, and generate human language. 12 | 13 | * **Transformer Architecture** – A neural network architecture used in many modern LLMs. It is known for its ability to handle sequential data and its effectiveness in tasks involving natural language. 14 | 15 | * **Tokenization** – The process of converting text into smaller units (tokens), such as words, characters, or subwords, which can be used as input for language models. 
16 | 17 | * **Fine-Tuning** – The process of taking a pre-trained model and further training it on a specific dataset to specialize it for particular tasks or domains. 18 | 19 | * **Data Privacy** – Concerns related to the handling, processing, and storage of sensitive or personal information by language models, especially when dealing with user inputs. 20 | 21 | * **Bias in AI** – The phenomenon where AI models, including LLMs, exhibit biased behavior, often as a result of biased training data or algorithms. 22 | 23 | * **Adversarial Attack** – A strategy where attackers create inputs to deceive AI models into making errors. This is particularly concerning in security-sensitive applications of LLMs. 24 | 25 | * **Principle of Least Privilege** – A security concept that involves granting users or systems the minimal level of access or permissions necessary to perform their tasks. This principle helps minimize potential damage from accidents or malicious attacks by limiting access rights for users to the bare minimum necessary to complete their duties. 
26 | -------------------------------------------------------------------------------- /0.1/images/lakera-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-llm-verification-standard/b1a5bf5c83b5476822ccc994b3bc44c2dd3e6db8/0.1/images/lakera-logo.png -------------------------------------------------------------------------------- /0.1/images/license.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-llm-verification-standard/b1a5bf5c83b5476822ccc994b3bc44c2dd3e6db8/0.1/images/license.png -------------------------------------------------------------------------------- /0.1/images/owaspLogo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-llm-verification-standard/b1a5bf5c83b5476822ccc994b3bc44c2dd3e6db8/0.1/images/owaspLogo.png -------------------------------------------------------------------------------- /0.1/images/owasp_logo_1c_notext.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-llm-verification-standard/b1a5bf5c83b5476822ccc994b3bc44c2dd3e6db8/0.1/images/owasp_logo_1c_notext.png -------------------------------------------------------------------------------- /0.1/images/owasp_logo_header.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-llm-verification-standard/b1a5bf5c83b5476822ccc994b3bc44c2dd3e6db8/0.1/images/owasp_logo_header.png -------------------------------------------------------------------------------- /0.1/images/snyk-logo.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OWASP/www-project-llm-verification-standard/b1a5bf5c83b5476822ccc994b3bc44c2dd3e6db8/0.1/images/snyk-logo.png -------------------------------------------------------------------------------- /0.1/templates/eisvogel.tex: -------------------------------------------------------------------------------- 1 | %% 2 | % Copyright (c) 2017 - 2024, Pascal Wagler; 3 | % Copyright (c) 2014 - 2024, John MacFarlane 4 | % 5 | % All rights reserved. 6 | % 7 | % Redistribution and use in source and binary forms, with or without 8 | % modification, are permitted provided that the following conditions 9 | % are met: 10 | % 11 | % - Redistributions of source code must retain the above copyright 12 | % notice, this list of conditions and the following disclaimer. 13 | % 14 | % - Redistributions in binary form must reproduce the above copyright 15 | % notice, this list of conditions and the following disclaimer in the 16 | % documentation and/or other materials provided with the distribution. 17 | % 18 | % - Neither the name of John MacFarlane nor the names of other 19 | % contributors may be used to endorse or promote products derived 20 | % from this software without specific prior written permission. 21 | % 22 | % THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | % "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | % LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 | % FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE 26 | % COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 27 | % INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 28 | % BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 29 | % LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 30 | % CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 | % LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 32 | % ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 | % POSSIBILITY OF SUCH DAMAGE. 34 | %% 35 | 36 | %% 37 | % This is the Eisvogel pandoc LaTeX template. 38 | % 39 | % For usage information and examples visit the official GitHub page: 40 | % https://github.com/Wandmalfarbe/pandoc-latex-template 41 | %% 42 | 43 | % Options for packages loaded elsewhere 44 | \PassOptionsToPackage{unicode$for(hyperrefoptions)$,$hyperrefoptions$$endfor$}{hyperref} 45 | \PassOptionsToPackage{hyphens}{url} 46 | \PassOptionsToPackage{dvipsnames,svgnames,x11names,table}{xcolor} 47 | $if(CJKmainfont)$ 48 | \PassOptionsToPackage{space}{xeCJK} 49 | $endif$ 50 | % 51 | \documentclass[ 52 | $if(fontsize)$ 53 | $fontsize$, 54 | $endif$ 55 | $if(papersize)$ 56 | $papersize$paper, 57 | $else$ 58 | paper=a4, 59 | $endif$ 60 | $if(beamer)$ 61 | ignorenonframetext, 62 | $if(handout)$ 63 | handout, 64 | $endif$ 65 | $if(aspectratio)$ 66 | aspectratio=$aspectratio$, 67 | $endif$ 68 | $if(babel-lang)$ 69 | $babel-lang$, 70 | $endif$ 71 | $endif$ 72 | $for(classoption)$ 73 | $classoption$$sep$, 74 | $endfor$ 75 | ,captions=tableheading 76 | ]{$if(beamer)$$documentclass$$else$$if(book)$scrbook$else$scrartcl$endif$$endif$} 77 | $if(beamer)$ 78 | $if(background-image)$ 79 | \usebackgroundtemplate{% 80 | \includegraphics[width=\paperwidth]{$background-image$}% 81 | } 82 | % In beamer background-image does not work well when other images are used, so this is the workaround 83 | 
\pgfdeclareimage[width=\paperwidth,height=\paperheight]{background}{$background-image$} 84 | \usebackgroundtemplate{\pgfuseimage{background}} 85 | $endif$ 86 | \usepackage{pgfpages} 87 | \setbeamertemplate{caption}[numbered] 88 | \setbeamertemplate{caption label separator}{: } 89 | \setbeamercolor{caption name}{fg=normal text.fg} 90 | \beamertemplatenavigationsymbols$if(navigation)$$navigation$$else$empty$endif$ 91 | $for(beameroption)$ 92 | \setbeameroption{$beameroption$} 93 | $endfor$ 94 | % Prevent slide breaks in the middle of a paragraph 95 | \widowpenalties 1 10000 96 | \raggedbottom 97 | $if(section-titles)$ 98 | \setbeamertemplate{part page}{ 99 | \centering 100 | \begin{beamercolorbox}[sep=16pt,center]{part title} 101 | \usebeamerfont{part title}\insertpart\par 102 | \end{beamercolorbox} 103 | } 104 | \setbeamertemplate{section page}{ 105 | \centering 106 | \begin{beamercolorbox}[sep=12pt,center]{section title} 107 | \usebeamerfont{section title}\insertsection\par 108 | \end{beamercolorbox} 109 | } 110 | \setbeamertemplate{subsection page}{ 111 | \centering 112 | \begin{beamercolorbox}[sep=8pt,center]{subsection title} 113 | \usebeamerfont{subsection title}\insertsubsection\par 114 | \end{beamercolorbox} 115 | } 116 | \AtBeginPart{ 117 | \frame{\partpage} 118 | } 119 | \AtBeginSection{ 120 | \ifbibliography 121 | \else 122 | \frame{\sectionpage} 123 | \fi 124 | } 125 | \AtBeginSubsection{ 126 | \frame{\subsectionpage} 127 | } 128 | $endif$ 129 | $endif$ 130 | $if(beamerarticle)$ 131 | \usepackage{beamerarticle} % needs to be loaded first 132 | $endif$ 133 | \usepackage{amsmath,amssymb} 134 | $if(linestretch)$ 135 | \usepackage{setspace} 136 | $else$ 137 | % Use setspace anyway because we change the default line spacing. 138 | % The spacing is changed early to affect the titlepage and the TOC. 
139 | \usepackage{setspace} 140 | \setstretch{1.2} 141 | $endif$ 142 | \usepackage{iftex} 143 | \ifPDFTeX 144 | \usepackage[$if(fontenc)$$fontenc$$else$T1$endif$]{fontenc} 145 | \usepackage[utf8]{inputenc} 146 | \usepackage{textcomp} % provide euro and other symbols 147 | \else % if luatex or xetex 148 | $if(mathspec)$ 149 | \ifXeTeX 150 | \usepackage{mathspec} % this also loads fontspec 151 | \else 152 | \usepackage{unicode-math} % this also loads fontspec 153 | \fi 154 | $else$ 155 | \usepackage{unicode-math} % this also loads fontspec 156 | $endif$ 157 | \defaultfontfeatures{Scale=MatchLowercase}$-- must come before Beamer theme 158 | \defaultfontfeatures[\rmfamily]{Ligatures=TeX,Scale=1} 159 | \fi 160 | $if(fontfamily)$ 161 | $else$ 162 | $-- Set default font before Beamer theme so the theme can override it 163 | \usepackage{lmodern} 164 | $endif$ 165 | $-- Set Beamer theme before user font settings so they can override theme 166 | $if(beamer)$ 167 | $if(theme)$ 168 | \usetheme[$for(themeoptions)$$themeoptions$$sep$,$endfor$]{$theme$} 169 | $endif$ 170 | $if(colortheme)$ 171 | \usecolortheme{$colortheme$} 172 | $endif$ 173 | $if(fonttheme)$ 174 | \usefonttheme{$fonttheme$} 175 | $endif$ 176 | $if(mainfont)$ 177 | \usefonttheme{serif} % use mainfont rather than sansfont for slide text 178 | $endif$ 179 | $if(innertheme)$ 180 | \useinnertheme{$innertheme$} 181 | $endif$ 182 | $if(outertheme)$ 183 | \useoutertheme{$outertheme$} 184 | $endif$ 185 | $endif$ 186 | $-- User font settings (must come after default font and Beamer theme) 187 | $if(fontfamily)$ 188 | \usepackage[$for(fontfamilyoptions)$$fontfamilyoptions$$sep$,$endfor$]{$fontfamily$} 189 | $endif$ 190 | \ifPDFTeX\else 191 | % xetex/luatex font selection 192 | $if(mainfont)$ 193 | $if(mainfontfallback)$ 194 | \ifLuaTeX 195 | \usepackage{luaotfload} 196 | \directlua{luaotfload.add_fallback("mainfontfallback",{ 197 | $for(mainfontfallback)$"$mainfontfallback$"$sep$,$endfor$ 198 | })} 199 | \fi 200 | $endif$ 
201 | \setmainfont[$for(mainfontoptions)$$mainfontoptions$$sep$,$endfor$$if(mainfontfallback)$,RawFeature={fallback=mainfontfallback}$endif$]{$mainfont$} 202 | $endif$ 203 | $if(sansfont)$ 204 | $if(sansfontfallback)$ 205 | \ifLuaTeX 206 | \usepackage{luaotfload} 207 | \directlua{luaotfload.add_fallback("sansfontfallback",{ 208 | $for(sansfontfallback)$"$sansfontfallback$"$sep$,$endfor$ 209 | })} 210 | \fi 211 | $endif$ 212 | \setsansfont[$for(sansfontoptions)$$sansfontoptions$$sep$,$endfor$$if(sansfontfallback)$,RawFeature={fallback=sansfontfallback}$endif$]{$sansfont$} 213 | $endif$ 214 | $if(monofont)$ 215 | $if(monofontfallback)$ 216 | \ifLuaTeX 217 | \usepackage{luaotfload} 218 | \directlua{luaotfload.add_fallback("monofontfallback",{ 219 | $for(monofontfallback)$"$monofontfallback$"$sep$,$endfor$ 220 | })} 221 | \fi 222 | $endif$ 223 | \setmonofont[$for(monofontoptions)$$monofontoptions$$sep$,$endfor$$if(monofontfallback)$,RawFeature={fallback=monofontfallback}$endif$]{$monofont$} 224 | $endif$ 225 | $for(fontfamilies)$ 226 | \newfontfamily{$fontfamilies.name$}[$for(fontfamilies.options)$$fontfamilies.options$$sep$,$endfor$]{$fontfamilies.font$} 227 | $endfor$ 228 | $if(mathfont)$ 229 | $if(mathspec)$ 230 | \ifXeTeX 231 | \setmathfont(Digits,Latin,Greek)[$for(mathfontoptions)$$mathfontoptions$$sep$,$endfor$]{$mathfont$} 232 | \else 233 | \setmathfont[$for(mathfontoptions)$$mathfontoptions$$sep$,$endfor$]{$mathfont$} 234 | \fi 235 | $else$ 236 | \setmathfont[$for(mathfontoptions)$$mathfontoptions$$sep$,$endfor$]{$mathfont$} 237 | $endif$ 238 | $endif$ 239 | $if(CJKmainfont)$ 240 | \ifXeTeX 241 | \usepackage{xeCJK} 242 | \setCJKmainfont[$for(CJKoptions)$$CJKoptions$$sep$,$endfor$]{$CJKmainfont$} 243 | $if(CJKsansfont)$ 244 | \setCJKsansfont[$for(CJKoptions)$$CJKoptions$$sep$,$endfor$]{$CJKsansfont$} 245 | $endif$ 246 | $if(CJKmonofont)$ 247 | \setCJKmonofont[$for(CJKoptions)$$CJKoptions$$sep$,$endfor$]{$CJKmonofont$} 248 | $endif$ 249 | \fi 250 | $endif$ 251 | 
$if(luatexjapresetoptions)$ 252 | \ifLuaTeX 253 | \usepackage[$for(luatexjapresetoptions)$$luatexjapresetoptions$$sep$,$endfor$]{luatexja-preset} 254 | \fi 255 | $endif$ 256 | $if(CJKmainfont)$ 257 | \ifLuaTeX 258 | \usepackage[$for(luatexjafontspecoptions)$$luatexjafontspecoptions$$sep$,$endfor$]{luatexja-fontspec} 259 | \setmainjfont[$for(CJKoptions)$$CJKoptions$$sep$,$endfor$]{$CJKmainfont$} 260 | \fi 261 | $endif$ 262 | \fi 263 | $if(zero-width-non-joiner)$ 264 | %% Support for zero-width non-joiner characters. 265 | \makeatletter 266 | \def\zerowidthnonjoiner{% 267 | % Prevent ligatures and adjust kerning, but still support hyphenating. 268 | \texorpdfstring{% 269 | \TextOrMath{\nobreak\discretionary{-}{}{\kern.03em}% 270 | \ifvmode\else\nobreak\hskip\z@skip\fi}{}% 271 | }{}% 272 | } 273 | \makeatother 274 | \ifPDFTeX 275 | \DeclareUnicodeCharacter{200C}{\zerowidthnonjoiner} 276 | \else 277 | \catcode`^^^^200c=\active 278 | \protected\def ^^^^200c{\zerowidthnonjoiner} 279 | \fi 280 | %% End of ZWNJ support 281 | $endif$ 282 | % Use upquote if available, for straight quotes in verbatim environments 283 | \IfFileExists{upquote.sty}{\usepackage{upquote}}{} 284 | \IfFileExists{microtype.sty}{% use microtype if available 285 | \usepackage[$for(microtypeoptions)$$microtypeoptions$$sep$,$endfor$]{microtype} 286 | \UseMicrotypeSet[protrusion]{basicmath} % disable protrusion for tt fonts 287 | }{} 288 | $if(indent)$ 289 | $else$ 290 | \makeatletter 291 | \@ifundefined{KOMAClassName}{% if non-KOMA class 292 | \IfFileExists{parskip.sty}{% 293 | \usepackage{parskip} 294 | }{% else 295 | \setlength{\parindent}{0pt} 296 | \setlength{\parskip}{6pt plus 2pt minus 1pt}} 297 | }{% if KOMA class 298 | \KOMAoptions{parskip=half}} 299 | \makeatother 300 | $endif$ 301 | $if(verbatim-in-note)$ 302 | \usepackage{fancyvrb} 303 | $endif$ 304 | \usepackage{xcolor} 305 | \definecolor{default-linkcolor}{HTML}{A50000} 306 | \definecolor{default-filecolor}{HTML}{A50000} 307 | 
\definecolor{default-citecolor}{HTML}{4077C0} 308 | \definecolor{default-urlcolor}{HTML}{4077C0} 309 | $if(footnotes-pretty)$ 310 | % load footmisc in order to customize footnotes (footmisc has to be loaded before hyperref, cf. https://tex.stackexchange.com/a/169124/144087) 311 | \usepackage[hang,flushmargin,bottom,multiple]{footmisc} 312 | \setlength{\footnotemargin}{0.8em} % set space between footnote nr and text 313 | \setlength{\footnotesep}{\baselineskip} % set space between multiple footnotes 314 | \setlength{\skip\footins}{0.3cm} % set space between page content and footnote 315 | \setlength{\footskip}{0.9cm} % set space between footnote and page bottom 316 | $endif$ 317 | $if(geometry)$ 318 | $if(beamer)$ 319 | \geometry{$for(geometry)$$geometry$$sep$,$endfor$} 320 | $else$ 321 | \usepackage[$for(geometry)$$geometry$$sep$,$endfor$]{geometry} 322 | $endif$ 323 | $else$ 324 | $if(beamer)$ 325 | $else$ 326 | \usepackage[margin=2.5cm,includehead=true,includefoot=true,centering,$for(geometry)$$geometry$$sep$,$endfor$]{geometry} 327 | $endif$ 328 | $endif$ 329 | $if(titlepage-logo)$ 330 | \usepackage[export]{adjustbox} 331 | \usepackage{graphicx} 332 | $endif$ 333 | $if(beamer)$ 334 | \newif\ifbibliography 335 | $endif$ 336 | $if(listings)$ 337 | \usepackage{listings} 338 | \newcommand{\passthrough}[1]{#1} 339 | \lstset{defaultdialect=[5.3]Lua} 340 | \lstset{defaultdialect=[x86masm]Assembler} 341 | $endif$ 342 | $if(listings-no-page-break)$ 343 | \usepackage{etoolbox} 344 | \BeforeBeginEnvironment{lstlisting}{\par\noindent\begin{minipage}{\linewidth}} 345 | \AfterEndEnvironment{lstlisting}{\end{minipage}\par\addvspace{\topskip}} 346 | $endif$ 347 | $if(lhs)$ 348 | \lstnewenvironment{code}{\lstset{language=Haskell,basicstyle=\small\ttfamily}}{} 349 | $endif$ 350 | $if(highlighting-macros)$ 351 | $highlighting-macros$ 352 | 353 | % Workaround/bugfix from jannick0. 
354 | % See https://github.com/jgm/pandoc/issues/4302#issuecomment-360669013) 355 | % or https://github.com/Wandmalfarbe/pandoc-latex-template/issues/2 356 | % 357 | % Redefine the verbatim environment 'Highlighting' to break long lines (with 358 | % the help of fvextra). Redefinition is necessary because it is unlikely that 359 | % pandoc includes fvextra in the default template. 360 | \usepackage{fvextra} 361 | \DefineVerbatimEnvironment{Highlighting}{Verbatim}{breaklines,fontsize=$if(code-block-font-size)$$code-block-font-size$$else$\small$endif$,commandchars=\\\{\}} 362 | 363 | $endif$ 364 | $if(tables)$ 365 | \usepackage{longtable,booktabs,array} 366 | $if(multirow)$ 367 | \usepackage{multirow} 368 | $endif$ 369 | \usepackage{calc} % for calculating minipage widths 370 | $if(beamer)$ 371 | \usepackage{caption} 372 | % Make caption package work with longtable 373 | \makeatletter 374 | \def\fnum@table{\tablename~\thetable} 375 | \makeatother 376 | $else$ 377 | % Correct order of tables after \paragraph or \subparagraph 378 | \usepackage{etoolbox} 379 | \makeatletter 380 | \patchcmd\longtable{\par}{\if@noskipsec\mbox{}\fi\par}{}{} 381 | \makeatother 382 | % Allow footnotes in longtable head/foot 383 | \IfFileExists{footnotehyper.sty}{\usepackage{footnotehyper}}{\usepackage{footnote}} 384 | \makesavenoteenv{longtable} 385 | $endif$ 386 | $endif$ 387 | % add backlinks to footnote references, cf. 
https://tex.stackexchange.com/questions/302266/make-footnote-clickable-both-ways 388 | $if(footnotes-disable-backlinks)$ 389 | $else$ 390 | \usepackage{footnotebackref} 391 | $endif$ 392 | $if(graphics)$ 393 | \usepackage{graphicx} 394 | \makeatletter 395 | \newsavebox\pandoc@box 396 | \newcommand*\pandocbounded[1]{% scales image to fit in text height/width 397 | \sbox\pandoc@box{#1}% 398 | \Gscale@div\@tempa{\textheight}{\dimexpr\ht\pandoc@box+\dp\pandoc@box\relax}% 399 | \Gscale@div\@tempb{\linewidth}{\wd\pandoc@box}% 400 | \ifdim\@tempb\p@<\@tempa\p@\let\@tempa\@tempb\fi% select the smaller of both 401 | \ifdim\@tempa\p@<\p@\scalebox{\@tempa}{\usebox\pandoc@box}% 402 | \else\usebox{\pandoc@box}% 403 | \fi% 404 | } 405 | % Set default figure placement to htbp 406 | % Make use of float-package and set default placement for figures to H. 407 | % The option H means 'PUT IT HERE' (as opposed to the standard h option which means 'You may put it here if you like'). 408 | \usepackage{float} 409 | \floatplacement{figure}{$if(float-placement-figure)$$float-placement-figure$$else$H$endif$} 410 | \makeatother 411 | $endif$ 412 | $if(svg)$ 413 | \usepackage{svg} 414 | $endif$ 415 | $if(strikeout)$ 416 | $-- also used for underline 417 | \ifLuaTeX 418 | \usepackage{luacolor} 419 | \usepackage[soul]{lua-ul} 420 | \else 421 | \usepackage{soul} 422 | $if(beamer)$ 423 | \makeatletter 424 | \let\HL\hl 425 | \renewcommand\hl{% fix for beamer highlighting 426 | \let\set@color\beamerorig@set@color 427 | \let\reset@color\beamerorig@reset@color 428 | \HL} 429 | \makeatother 430 | $endif$ 431 | $if(CJKmainfont)$ 432 | \ifXeTeX 433 | % soul's \st doesn't work for CJK: 434 | \usepackage{xeCJKfntef} 435 | \renewcommand{\st}[1]{\sout{#1}} 436 | \fi 437 | $endif$ 438 | \fi 439 | $endif$ 440 | \setlength{\emergencystretch}{3em} % prevent overfull lines 441 | \providecommand{\tightlist}{% 442 | \setlength{\itemsep}{0pt}\setlength{\parskip}{0pt}} 443 | $if(numbersections)$ 444 | 
\setcounter{secnumdepth}{$if(secnumdepth)$$secnumdepth$$else$5$endif$} 445 | $else$ 446 | \setcounter{secnumdepth}{-\maxdimen} % remove section numbering 447 | $endif$ 448 | $if(subfigure)$ 449 | \usepackage{subcaption} 450 | $endif$ 451 | $if(beamer)$ 452 | $else$ 453 | $if(block-headings)$ 454 | % Make \paragraph and \subparagraph free-standing 455 | \makeatletter 456 | \ifx\paragraph\undefined\else 457 | \let\oldparagraph\paragraph 458 | \renewcommand{\paragraph}{ 459 | \@ifstar 460 | \xxxParagraphStar 461 | \xxxParagraphNoStar 462 | } 463 | \newcommand{\xxxParagraphStar}[1]{\oldparagraph*{#1}\mbox{}} 464 | \newcommand{\xxxParagraphNoStar}[1]{\oldparagraph{#1}\mbox{}} 465 | \fi 466 | \ifx\subparagraph\undefined\else 467 | \let\oldsubparagraph\subparagraph 468 | \renewcommand{\subparagraph}{ 469 | \@ifstar 470 | \xxxSubParagraphStar 471 | \xxxSubParagraphNoStar 472 | } 473 | \newcommand{\xxxSubParagraphStar}[1]{\oldsubparagraph*{#1}\mbox{}} 474 | \newcommand{\xxxSubParagraphNoStar}[1]{\oldsubparagraph{#1}\mbox{}} 475 | \fi 476 | \makeatother 477 | $endif$ 478 | $endif$ 479 | $if(pagestyle)$ 480 | \pagestyle{$pagestyle$} 481 | $endif$ 482 | $if(csl-refs)$ 483 | % definitions for citeproc citations 484 | \NewDocumentCommand\citeproctext{}{} 485 | \NewDocumentCommand\citeproc{mm}{% 486 | \begingroup\def\citeproctext{#2}\cite{#1}\endgroup} 487 | \makeatletter 488 | % allow citations to break across lines 489 | \let\@cite@ofmt\@firstofone 490 | % avoid brackets around text for \cite: 491 | \def\@biblabel#1{} 492 | \def\@cite#1#2{{#1\if@tempswa , #2\fi}} 493 | \makeatother 494 | \newlength{\cslhangindent} 495 | \setlength{\cslhangindent}{1.5em} 496 | \newlength{\csllabelwidth} 497 | \setlength{\csllabelwidth}{3em} 498 | \newenvironment{CSLReferences}[2] % #1 hanging-indent, #2 entry-spacing 499 | {\begin{list}{}{% 500 | \setlength{\itemindent}{0pt} 501 | \setlength{\leftmargin}{0pt} 502 | \setlength{\parsep}{0pt} 503 | % turn on hanging indent if param 1 is 1 504 | 
\ifodd #1 505 | \setlength{\leftmargin}{\cslhangindent} 506 | \setlength{\itemindent}{-1\cslhangindent} 507 | \fi 508 | % set entry spacing 509 | \setlength{\itemsep}{#2\baselineskip}}} 510 | {\end{list}} 511 | \usepackage{calc} 512 | \newcommand{\CSLBlock}[1]{\hfill\break\parbox[t]{\linewidth}{\strut\ignorespaces#1\strut}} 513 | \newcommand{\CSLLeftMargin}[1]{\parbox[t]{\csllabelwidth}{\strut#1\strut}} 514 | \newcommand{\CSLRightInline}[1]{\parbox[t]{\linewidth - \csllabelwidth}{\strut#1\strut}} 515 | \newcommand{\CSLIndent}[1]{\hspace{\cslhangindent}#1} 516 | $endif$ 517 | $if(lang)$ 518 | \ifLuaTeX 519 | \usepackage[bidi=basic]{babel} 520 | \else 521 | \usepackage[bidi=default]{babel} 522 | \fi 523 | $if(babel-lang)$ 524 | \babelprovide[main,import]{$babel-lang$} 525 | $if(mainfont)$ 526 | \ifPDFTeX 527 | \else 528 | \babelfont{rm}[$for(mainfontoptions)$$mainfontoptions$$sep$,$endfor$$if(mainfontfallback)$,RawFeature={fallback=mainfontfallback}$endif$]{$mainfont$} 529 | \fi 530 | $endif$ 531 | $endif$ 532 | $for(babel-otherlangs)$ 533 | \babelprovide[import]{$babel-otherlangs$} 534 | $endfor$ 535 | $for(babelfonts/pairs)$ 536 | \babelfont[$babelfonts.key$]{rm}{$babelfonts.value$} 537 | $endfor$ 538 | % get rid of language-specific shorthands (see #6817): 539 | \let\LanguageShortHands\languageshorthands 540 | \def\languageshorthands#1{} 541 | $if(selnolig-langs)$ 542 | \ifLuaTeX 543 | \usepackage[$for(selnolig-langs)$$it$$sep$,$endfor$]{selnolig} % disable illegal ligatures 544 | \fi 545 | $endif$ 546 | $endif$ 547 | $for(header-includes)$ 548 | $header-includes$ 549 | $endfor$ 550 | $if(dir)$ 551 | \ifPDFTeX 552 | \TeXXeTstate=1 553 | \newcommand{\RL}[1]{\beginR #1\endR} 554 | \newcommand{\LR}[1]{\beginL #1\endL} 555 | \newenvironment{RTL}{\beginR}{\endR} 556 | \newenvironment{LTR}{\beginL}{\endL} 557 | \fi 558 | $endif$ 559 | $if(natbib)$ 560 | \usepackage[$natbiboptions$]{natbib} 561 | \bibliographystyle{$if(biblio-style)$$biblio-style$$else$plainnat$endif$} 
562 | $endif$ 563 | $if(biblatex)$ 564 | \usepackage[$if(biblio-style)$style=$biblio-style$,$endif$$for(biblatexoptions)$$biblatexoptions$$sep$,$endfor$]{biblatex} 565 | $for(bibliography)$ 566 | \addbibresource{$bibliography$} 567 | $endfor$ 568 | $endif$ 569 | $if(nocite-ids)$ 570 | \nocite{$for(nocite-ids)$$it$$sep$, $endfor$} 571 | $endif$ 572 | $if(csquotes)$ 573 | \usepackage{csquotes} 574 | $endif$ 575 | \usepackage{bookmark} 576 | \IfFileExists{xurl.sty}{\usepackage{xurl}}{} % add URL line breaks if available 577 | \urlstyle{$if(urlstyle)$$urlstyle$$else$same$endif$} 578 | $if(links-as-notes)$ 579 | % Make links footnotes instead of hotlinks: 580 | \DeclareRobustCommand{\href}[2]{#2\footnote{\url{#1}}} 581 | $endif$ 582 | $if(verbatim-in-note)$ 583 | \VerbatimFootnotes % allow verbatim text in footnotes 584 | $endif$ 585 | \hypersetup{ 586 | $if(title-meta)$ 587 | pdftitle={$title-meta$}, 588 | $endif$ 589 | $if(author-meta)$ 590 | pdfauthor={$author-meta$}, 591 | $endif$ 592 | $if(lang)$ 593 | pdflang={$lang$}, 594 | $endif$ 595 | $if(subject)$ 596 | pdfsubject={$subject$}, 597 | $endif$ 598 | $if(keywords)$ 599 | pdfkeywords={$for(keywords)$$keywords$$sep$, $endfor$}, 600 | $endif$ 601 | $if(colorlinks)$ 602 | colorlinks=true, 603 | linkcolor={$if(linkcolor)$$linkcolor$$else$default-linkcolor$endif$}, 604 | filecolor={$if(filecolor)$$filecolor$$else$default-filecolor$endif$}, 605 | citecolor={$if(citecolor)$$citecolor$$else$default-citecolor$endif$}, 606 | urlcolor={$if(urlcolor)$$urlcolor$$else$default-urlcolor$endif$}, 607 | $else$ 608 | $if(boxlinks)$ 609 | $else$ 610 | hidelinks, 611 | $endif$ 612 | $endif$ 613 | breaklinks=true, 614 | pdfcreator={LaTeX via pandoc with the Eisvogel template}} 615 | $if(title)$ 616 | \title{$title$$if(thanks)$\thanks{$thanks$}$endif$} 617 | $endif$ 618 | $if(subtitle)$ 619 | $if(beamer)$ 620 | $else$ 621 | \usepackage{etoolbox} 622 | \makeatletter 623 | \providecommand{\subtitle}[1]{% add subtitle to \maketitle 624 | 
\apptocmd{\@title}{\par {\large #1 \par}}{}{} 625 | } 626 | \makeatother 627 | $endif$ 628 | \subtitle{$subtitle$} 629 | $endif$ 630 | \author{$for(author)$$author$$sep$ \and $endfor$} 631 | \date{$date$} 632 | $if(beamer)$ 633 | $if(institute)$ 634 | \institute{$for(institute)$$institute$$sep$ \and $endfor$} 635 | $endif$ 636 | $if(titlegraphic)$ 637 | \titlegraphic{\includegraphics$if(titlegraphicoptions)$[$for(titlegraphicoptions)$$titlegraphicoptions$$sep$, $endfor$]$endif${$titlegraphic$}} 638 | $endif$ 639 | $if(logo)$ 640 | \logo{\includegraphics{$logo$}} 641 | $endif$ 642 | $endif$ 643 | 644 | 645 | 646 | %% 647 | %% added 648 | %% 649 | 650 | $if(page-background)$ 651 | \usepackage[pages=all]{background} 652 | $endif$ 653 | 654 | % 655 | % for the background color of the title page 656 | % 657 | $if(titlepage)$ 658 | \usepackage{pagecolor} 659 | \usepackage{afterpage} 660 | $if(titlepage-background)$ 661 | \usepackage{tikz} 662 | $endif$ 663 | $if(geometry)$ 664 | $else$ 665 | \usepackage[margin=2.5cm,includehead=true,includefoot=true,centering]{geometry} 666 | $endif$ 667 | $endif$ 668 | 669 | % 670 | % break urls 671 | % 672 | \PassOptionsToPackage{hyphens}{url} 673 | 674 | % 675 | % When using babel or polyglossia with biblatex, loading csquotes is recommended 676 | % to ensure that quoted texts are typeset according to the rules of your main language. 
677 | % 678 | \usepackage{csquotes} 679 | 680 | % 681 | % captions 682 | % 683 | \definecolor{caption-color}{HTML}{777777} 684 | $if(beamer)$ 685 | $else$ 686 | \usepackage[font={stretch=1.2}, textfont={color=caption-color}, position=top, skip=4mm, labelfont=bf, singlelinecheck=false, justification=$if(caption-justification)$$caption-justification$$else$raggedright$endif$]{caption} 687 | \setcapindent{0em} 688 | $endif$ 689 | 690 | % 691 | % blockquote 692 | % 693 | \definecolor{blockquote-border}{RGB}{221,221,221} 694 | \definecolor{blockquote-text}{RGB}{119,119,119} 695 | \usepackage{mdframed} 696 | \newmdenv[rightline=false,bottomline=false,topline=false,linewidth=3pt,linecolor=blockquote-border,skipabove=\parskip]{customblockquote} 697 | \renewenvironment{quote}{\begin{customblockquote}\list{}{\rightmargin=0em\leftmargin=0em}% 698 | \item\relax\color{blockquote-text}\ignorespaces}{\unskip\unskip\endlist\end{customblockquote}} 699 | 700 | % 701 | % Source Sans Pro as the default font family 702 | % Source Code Pro for monospace text 703 | % 704 | % 'default' option sets the default 705 | % font family to Source Sans Pro, not \sfdefault. 706 | % 707 | \ifnum 0\ifxetex 1\fi\ifluatex 1\fi=0 % if pdftex 708 | $if(fontfamily)$ 709 | $else$ 710 | \usepackage[default]{sourcesanspro} 711 | \usepackage{sourcecodepro} 712 | $endif$ 713 | \else % if not pdftex 714 | $if(mainfont)$ 715 | $else$ 716 | \usepackage[default]{sourcesanspro} 717 | \usepackage{sourcecodepro} 718 | 719 | % XeLaTeX specific adjustments for straight quotes: https://tex.stackexchange.com/a/354887 720 | % This issue is already fixed (see https://github.com/silkeh/latex-sourcecodepro/pull/5) but the 721 | % fix is still unreleased. 722 | % TODO: Remove this workaround when the new version of sourcecodepro is released on CTAN. 
723 | \ifxetex 724 | \makeatletter 725 | \defaultfontfeatures[\ttfamily] 726 | { Numbers = \sourcecodepro@figurestyle, 727 | Scale = \SourceCodePro@scale, 728 | Extension = .otf } 729 | \setmonofont 730 | [ UprightFont = *-\sourcecodepro@regstyle, 731 | ItalicFont = *-\sourcecodepro@regstyle It, 732 | BoldFont = *-\sourcecodepro@boldstyle, 733 | BoldItalicFont = *-\sourcecodepro@boldstyle It ] 734 | {SourceCodePro} 735 | \makeatother 736 | \fi 737 | $endif$ 738 | \fi 739 | 740 | % 741 | % heading color 742 | % 743 | \definecolor{heading-color}{RGB}{40,40,40} 744 | $if(beamer)$ 745 | $else$ 746 | \addtokomafont{section}{\color{heading-color}} 747 | $endif$ 748 | % When using the classes report, scrreprt, book, 749 | % scrbook or memoir, uncomment the following line. 750 | %\addtokomafont{chapter}{\color{heading-color}} 751 | 752 | % 753 | % variables for title, author and date 754 | % 755 | $if(beamer)$ 756 | $else$ 757 | \usepackage{titling} 758 | \title{$title$} 759 | \author{$for(author)$$author$$sep$, $endfor$} 760 | \date{$date$} 761 | $endif$ 762 | 763 | % 764 | % tables 765 | % 766 | $if(tables)$ 767 | 768 | \definecolor{table-row-color}{HTML}{F5F5F5} 769 | \definecolor{table-rule-color}{HTML}{999999} 770 | 771 | %\arrayrulecolor{black!40} 772 | \arrayrulecolor{table-rule-color} % color of \toprule, \midrule, \bottomrule 773 | \setlength\heavyrulewidth{0.3ex} % thickness of \toprule, \bottomrule 774 | \renewcommand{\arraystretch}{1.3} % spacing (padding) 775 | 776 | $if(table-use-row-colors)$ 777 | % Unfortunately the colored cells extend beyond the edge of the 778 | % table because pandoc uses @-expressions (@{}) like so: 779 | % 780 | % \begin{longtable}[]{@{}ll@{}} 781 | % \end{longtable} 782 | % 783 | % https://en.wikibooks.org/wiki/LaTeX/Tables#.40-expressions 784 | \usepackage{etoolbox} 785 | \AtBeginEnvironment{longtable}{\rowcolors{2}{}{table-row-color!100}} 786 | \preto{\toprule}{\hiderowcolors}{}{} 787 | \appto{\endhead}{\showrowcolors}{}{} 788 | 
\appto{\endfirsthead}{\showrowcolors}{}{} 789 | $endif$ 790 | $endif$ 791 | 792 | % 793 | % remove paragraph indentation 794 | % 795 | \setlength{\parindent}{0pt} 796 | \setlength{\parskip}{6pt plus 2pt minus 1pt} 797 | \setlength{\emergencystretch}{3em} % prevent overfull lines 798 | 799 | % 800 | % 801 | % Listings 802 | % 803 | % 804 | 805 | $if(listings)$ 806 | 807 | % 808 | % general listing colors 809 | % 810 | \definecolor{listing-background}{HTML}{F7F7F7} 811 | \definecolor{listing-rule}{HTML}{B3B2B3} 812 | \definecolor{listing-numbers}{HTML}{B3B2B3} 813 | \definecolor{listing-text-color}{HTML}{000000} 814 | \definecolor{listing-keyword}{HTML}{435489} 815 | \definecolor{listing-keyword-2}{HTML}{1284CA} % additional keywords 816 | \definecolor{listing-keyword-3}{HTML}{9137CB} % additional keywords 817 | \definecolor{listing-identifier}{HTML}{435489} 818 | \definecolor{listing-string}{HTML}{00999A} 819 | \definecolor{listing-comment}{HTML}{8E8E8E} 820 | 821 | \lstdefinestyle{eisvogel_listing_style}{ 822 | language = java, 823 | $if(listings-disable-line-numbers)$ 824 | xleftmargin = 0.6em, 825 | framexleftmargin = 0.4em, 826 | $else$ 827 | numbers = left, 828 | xleftmargin = 2.7em, 829 | framexleftmargin = 2.5em, 830 | $endif$ 831 | backgroundcolor = \color{listing-background}, 832 | basicstyle = \color{listing-text-color}\linespread{1.0}% 833 | \lst@ifdisplaystyle% 834 | $if(code-block-font-size)$$code-block-font-size$$else$\small$endif$% 835 | \fi\ttfamily{}, 836 | breaklines = true, 837 | frame = single, 838 | framesep = 0.19em, 839 | rulecolor = \color{listing-rule}, 840 | frameround = ffff, 841 | tabsize = 4, 842 | numberstyle = \color{listing-numbers}, 843 | aboveskip = 1.0em, 844 | belowskip = 0.1em, 845 | abovecaptionskip = 0em, 846 | belowcaptionskip = 1.0em, 847 | keywordstyle = {\color{listing-keyword}\bfseries}, 848 | keywordstyle = {[2]\color{listing-keyword-2}\bfseries}, 849 | keywordstyle = {[3]\color{listing-keyword-3}\bfseries\itshape}, 850 | 
sensitive = true, 851 | identifierstyle = \color{listing-identifier}, 852 | commentstyle = \color{listing-comment}, 853 | stringstyle = \color{listing-string}, 854 | showstringspaces = false, 855 | escapeinside = {/*@}{@*/}, % Allow LaTeX inside these special comments 856 | literate = 857 | {á}{{\'a}}1 {é}{{\'e}}1 {í}{{\'i}}1 {ó}{{\'o}}1 {ú}{{\'u}}1 858 | {Á}{{\'A}}1 {É}{{\'E}}1 {Í}{{\'I}}1 {Ó}{{\'O}}1 {Ú}{{\'U}}1 859 | {à}{{\`a}}1 {è}{{\`e}}1 {ì}{{\`i}}1 {ò}{{\`o}}1 {ù}{{\`u}}1 860 | {À}{{\`A}}1 {È}{{\`E}}1 {Ì}{{\`I}}1 {Ò}{{\`O}}1 {Ù}{{\`U}}1 861 | {ä}{{\"a}}1 {ë}{{\"e}}1 {ï}{{\"i}}1 {ö}{{\"o}}1 {ü}{{\"u}}1 862 | {Ä}{{\"A}}1 {Ë}{{\"E}}1 {Ï}{{\"I}}1 {Ö}{{\"O}}1 {Ü}{{\"U}}1 863 | {â}{{\^a}}1 {ê}{{\^e}}1 {î}{{\^i}}1 {ô}{{\^o}}1 {û}{{\^u}}1 864 | {Â}{{\^A}}1 {Ê}{{\^E}}1 {Î}{{\^I}}1 {Ô}{{\^O}}1 {Û}{{\^U}}1 865 | {œ}{{\oe}}1 {Œ}{{\OE}}1 {æ}{{\ae}}1 {Æ}{{\AE}}1 {ß}{{\ss}}1 866 | {ç}{{\c c}}1 {Ç}{{\c C}}1 {ø}{{\o}}1 {å}{{\r a}}1 {Å}{{\r A}}1 867 | {€}{{\EUR}}1 {£}{{\pounds}}1 {«}{{\guillemotleft}}1 868 | {»}{{\guillemotright}}1 {ñ}{{\~n}}1 {Ñ}{{\~N}}1 {¿}{{?`}}1 869 | {…}{{\ldots}}1 {≥}{{>=}}1 {≤}{{<=}}1 {„}{{\glqq}}1 {“}{{\grqq}}1 870 | {”}{{''}}1 871 | } 872 | \lstset{style=eisvogel_listing_style} 873 | 874 | % 875 | % Java (Java SE 12, 2019-06-22) 876 | % 877 | \lstdefinelanguage{Java}{ 878 | morekeywords={ 879 | % normal keywords (without data types) 880 | abstract,assert,break,case,catch,class,continue,default, 881 | do,else,enum,exports,extends,final,finally,for,if,implements, 882 | import,instanceof,interface,module,native,new,package,private, 883 | protected,public,requires,return,static,strictfp,super,switch, 884 | synchronized,this,throw,throws,transient,try,volatile,while, 885 | % var is an identifier 886 | var 887 | }, 888 | morekeywords={[2] % data types 889 | % primitive data types 890 | boolean,byte,char,double,float,int,long,short, 891 | % String 892 | String, 893 | % primitive wrapper types 894 | Boolean,Byte,Character,Double,Float,Integer,Long,Short 895 
| % number types 896 | Number,AtomicInteger,AtomicLong,BigDecimal,BigInteger,DoubleAccumulator,DoubleAdder,LongAccumulator,LongAdder,Short, 897 | % other 898 | Object,Void,void 899 | }, 900 | morekeywords={[3] % literals 901 | % reserved words for literal values 902 | null,true,false, 903 | }, 904 | sensitive, 905 | morecomment = [l]//, 906 | morecomment = [s]{/*}{*/}, 907 | morecomment = [s]{/**}{*/}, 908 | morestring = [b]", 909 | morestring = [b]', 910 | } 911 | 912 | \lstdefinelanguage{XML}{ 913 | morestring = [b]", 914 | moredelim = [s][\bfseries\color{listing-keyword}]{<}{\ }, 915 | moredelim = [s][\bfseries\color{listing-keyword}]{}, 916 | moredelim = [l][\bfseries\color{listing-keyword}]{/>}, 917 | moredelim = [l][\bfseries\color{listing-keyword}]{>}, 918 | morecomment = [s]{}, 919 | morecomment = [s]{}, 920 | commentstyle = \color{listing-comment}, 921 | stringstyle = \color{listing-string}, 922 | identifierstyle = \color{listing-identifier} 923 | } 924 | $endif$ 925 | 926 | % 927 | % header and footer 928 | % 929 | $if(beamer)$ 930 | $else$ 931 | $if(disable-header-and-footer)$ 932 | $else$ 933 | \usepackage[headsepline,footsepline]{scrlayer-scrpage} 934 | 935 | \newpairofpagestyles{eisvogel-header-footer}{ 936 | \clearpairofpagestyles 937 | \ihead*{$if(header-left)$$header-left$$else$$title$$endif$} 938 | \chead*{$if(header-center)$$header-center$$else$$endif$} 939 | \ohead*{$if(header-right)$$header-right$$else$$date$$endif$} 940 | \ifoot*{$if(footer-left)$$footer-left$$else$$for(author)$$author$$sep$, $endfor$$endif$} 941 | \cfoot*{$if(footer-center)$$footer-center$$else$$endif$} 942 | \ofoot*{$if(footer-right)$$footer-right$$else$\thepage$endif$} 943 | \addtokomafont{pageheadfoot}{\upshape} 944 | } 945 | \pagestyle{eisvogel-header-footer} 946 | 947 | $if(book)$ 948 | \deftripstyle{ChapterStyle}{}{}{}{}{\pagemark}{} 949 | \renewcommand*{\chapterpagestyle}{ChapterStyle} 950 | $endif$ 951 | 952 | $if(page-background)$ 953 | \backgroundsetup{ 954 | 
scale=1, 955 | color=black, 956 | opacity=$if(page-background-opacity)$$page-background-opacity$$else$0.2$endif$, 957 | angle=0, 958 | contents={% 959 | \includegraphics[width=\paperwidth,height=\paperheight]{$page-background$} 960 | }% 961 | } 962 | $endif$ 963 | $endif$ 964 | $endif$ 965 | 966 | %% 967 | %% end added 968 | %% 969 | 970 | \begin{document} 971 | 972 | %% 973 | %% begin titlepage 974 | %% 975 | $if(beamer)$ 976 | $else$ 977 | $if(titlepage)$ 978 | \begin{titlepage} 979 | $if(titlepage-background)$ 980 | \newgeometry{top=2cm, right=4cm, bottom=3cm, left=4cm} 981 | $else$ 982 | \newgeometry{left=6cm} 983 | $endif$ 984 | $if(titlepage-color)$ 985 | \definecolor{titlepage-color}{HTML}{$titlepage-color$} 986 | \newpagecolor{titlepage-color}\afterpage{\restorepagecolor} 987 | $endif$ 988 | $if(titlepage-background)$ 989 | \tikz[remember picture,overlay] \node[inner sep=0pt] at (current page.center){\includegraphics[width=\paperwidth,height=\paperheight]{$titlepage-background$}}; 990 | $endif$ 991 | \newcommand{\colorRule}[3][black]{\textcolor[HTML]{#1}{\rule{#2}{#3}}} 992 | \begin{flushleft} 993 | \noindent 994 | \\[-1em] 995 | \color[HTML]{$if(titlepage-text-color)$$titlepage-text-color$$else$5F5F5F$endif$} 996 | \makebox[0pt][l]{\colorRule[$if(titlepage-rule-color)$$titlepage-rule-color$$else$435488$endif$]{1.3\textwidth}{$if(titlepage-rule-height)$$titlepage-rule-height$$else$4$endif$pt}} 997 | \par 998 | \noindent 999 | 1000 | $if(titlepage-background)$ 1001 | % The titlepage with a background image has other text spacing and text size 1002 | { 1003 | \setstretch{2} 1004 | \vfill 1005 | \vskip -8em 1006 | \noindent {\huge \textbf{\textsf{$title$}}} 1007 | $if(subtitle)$ 1008 | \vskip 1em 1009 | {\Large \textsf{$subtitle$}} 1010 | $endif$ 1011 | \vskip 2em 1012 | \noindent {\Large \textsf{$for(author)$$author$$sep$, $endfor$} \vskip 0.6em \textsf{$date$}} 1013 | \vfill 1014 | } 1015 | $else$ 1016 | { 1017 | \setstretch{1.4} 1018 | \vfill 1019 | 
\noindent {\huge \textbf{\textsf{$title$}}} 1020 | $if(subtitle)$ 1021 | \vskip 1em 1022 | {\Large \textsf{$subtitle$}} 1023 | $endif$ 1024 | \vskip 2em 1025 | \noindent {\Large \textsf{$for(author)$$author$$sep$, $endfor$}} 1026 | \vfill 1027 | } 1028 | $endif$ 1029 | 1030 | $if(titlepage-logo)$ 1031 | \noindent 1032 | \includegraphics[width=$if(logo-width)$$logo-width$$else$35mm$endif$, left]{$titlepage-logo$} 1033 | $endif$ 1034 | 1035 | $if(titlepage-background)$ 1036 | $else$ 1037 | \textsf{$date$} 1038 | $endif$ 1039 | \end{flushleft} 1040 | \end{titlepage} 1041 | \restoregeometry 1042 | \pagenumbering{arabic} 1043 | $endif$ 1044 | $endif$ 1045 | 1046 | %% 1047 | %% end titlepage 1048 | %% 1049 | 1050 | $if(has-frontmatter)$ 1051 | \frontmatter 1052 | $endif$ 1053 | $if(title)$ 1054 | $if(beamer)$ 1055 | \frame{\titlepage} 1056 | % don't generate the default title 1057 | % $else$ 1058 | % \maketitle 1059 | $endif$ 1060 | $if(abstract)$ 1061 | \begin{abstract} 1062 | $abstract$ 1063 | \end{abstract} 1064 | $endif$ 1065 | $endif$ 1066 | 1067 | $if(first-chapter)$ 1068 | \setcounter{chapter}{$first-chapter$} 1069 | \addtocounter{chapter}{-1} 1070 | $endif$ 1071 | 1072 | $for(include-before)$ 1073 | $include-before$ 1074 | 1075 | $endfor$ 1076 | $if(toc)$ 1077 | $if(toc-title)$ 1078 | \renewcommand*\contentsname{$toc-title$} 1079 | $endif$ 1080 | $if(beamer)$ 1081 | \begin{frame}[allowframebreaks] 1082 | $if(toc-title)$ 1083 | \frametitle{$toc-title$} 1084 | $endif$ 1085 | \setcounter{tocdepth}{$toc-depth$} 1086 | \tableofcontents 1087 | \end{frame} 1088 | $if(toc-own-page)$ 1089 | \newpage 1090 | $endif$ 1091 | $else$ 1092 | { 1093 | $if(colorlinks)$ 1094 | \hypersetup{linkcolor=$if(toccolor)$$toccolor$$else$$endif$} 1095 | $endif$ 1096 | \setcounter{tocdepth}{$toc-depth$} 1097 | \tableofcontents 1098 | $if(toc-own-page)$ 1099 | \newpage 1100 | $endif$ 1101 | } 1102 | $endif$ 1103 | $endif$ 1104 | $if(lof)$ 1105 | \listoffigures 1106 | $endif$ 1107 | $if(lot)$ 
1108 | \listoftables 1109 | $endif$ 1110 | $if(linestretch)$ 1111 | \setstretch{$linestretch$} 1112 | $endif$ 1113 | $if(has-frontmatter)$ 1114 | \mainmatter 1115 | $endif$ 1116 | $body$ 1117 | 1118 | $if(has-frontmatter)$ 1119 | \backmatter 1120 | $endif$ 1121 | $if(natbib)$ 1122 | $if(bibliography)$ 1123 | $if(biblio-title)$ 1124 | $if(has-chapters)$ 1125 | \renewcommand\bibname{$biblio-title$} 1126 | $else$ 1127 | \renewcommand\refname{$biblio-title$} 1128 | $endif$ 1129 | $endif$ 1130 | $if(beamer)$ 1131 | \begin{frame}[allowframebreaks]{$biblio-title$} 1132 | \bibliographytrue 1133 | $endif$ 1134 | \bibliography{$for(bibliography)$$bibliography$$sep$,$endfor$} 1135 | $if(beamer)$ 1136 | \end{frame} 1137 | $endif$ 1138 | 1139 | $endif$ 1140 | $endif$ 1141 | $if(biblatex)$ 1142 | $if(beamer)$ 1143 | \begin{frame}[allowframebreaks]{$biblio-title$} 1144 | \bibliographytrue 1145 | \printbibliography[heading=none] 1146 | \end{frame} 1147 | $else$ 1148 | \printbibliography$if(biblio-title)$[title=$biblio-title$]$endif$ 1149 | $endif$ 1150 | 1151 | $endif$ 1152 | $for(include-after)$ 1153 | $include-after$ 1154 | 1155 | $endfor$ 1156 | \end{document} 1157 | -------------------------------------------------------------------------------- /0.1/templates/header-eisvogel.tex: -------------------------------------------------------------------------------- 1 | 2 | \hypersetup{colorlinks=false, 3 | allbordercolors={0 0 0}, 4 | pdfborderstyle={/S/U/W 1}} 5 | 6 | \newcommand*{\escape}[1]{\texttt{\textbackslash#1}} 7 | -------------------------------------------------------------------------------- /0.1/templates/reference.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-llm-verification-standard/b1a5bf5c83b5476822ccc994b3bc44c2dd3e6db8/0.1/templates/reference.docx -------------------------------------------------------------------------------- /0.1/tools/__pycache__/asvs.cpython-310.pyc: 
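#!/usr/bin/env python
# -*- coding: utf-8 -*-
# File: 0.1/tools/cyclonedx.py
''' CycloneDX converter class

    Converts the LLMSVS JSON into CycloneDX Standards format
    Copyright (c) 2023 OWASP Foundation

    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
    in the Software without restriction, including without limitation the rights
    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    copies of the Software, and to permit persons to whom the Software is
    furnished to do so, subject to the following conditions:

    The above copyright notice and this permission notice shall be included in all
    copies or substantial portions of the Software.

    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
    SOFTWARE.

'''

import json
try:
    # Nothing in this module calls dicttoxml; tolerate its absence so that
    # producing the CycloneDX JSON does not hard-depend on the package.
    from dicttoxml2 import dicttoxml
except ImportError:
    dicttoxml = None
import datetime
import uuid
try:
    from StringIO import StringIO
except ImportError:
    from io import StringIO


class CycloneDX:
    ''' Builds a CycloneDX BOM whose only declaration is the LLMSVS standard.

        The class attribute ``bom`` is a template holding the fixed document
        metadata. Every instance works on its own deep copy of that template,
        stored as ``self.bom``, so converting several documents in one process
        does not make them overwrite each other's requirements.
    '''

    # Template BOM. Key order is significant: to_json() serialises with
    # sort_keys=False, so the order here is the order in the output.
    bom = {
        'bomFormat': "CycloneDX",
        'specVersion': "1.6",
        'serialNumber': "urn:uuid:" + str(uuid.uuid4()),
        'version': 1,
        'metadata': {
            'timestamp': datetime.datetime.now().astimezone().replace(microsecond=0).isoformat(),
            'licenses': [
                {
                    'license': {
                        'id': "CC-BY-SA-4.0",
                        'url': "https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt",
                    },
                },
            ],
            'supplier': {
                'name': "OWASP Foundation",
                'url': ["https://owasp.org"],
            },
        },
        'declarations': {
            'standards': [{}],
        },
    }

    @staticmethod
    def _level_required(item, level):
        ''' True when item[level] is a mapping whose 'Required' value is exactly True. '''
        entry = item.get(level)
        return isinstance(entry, dict) and entry.get('Required') is True

    def __init__(self, llmsvs_json_in):
        ''' Parse the LLMSVS JSON string and fill in this instance's BOM.

            llmsvs_json_in -- JSON text with the keys "Name", "ShortName",
                              "Version", "Description" and "Requirements"
                              (a list of chapters, each optionally holding
                              sections under "Items", each section optionally
                              holding requirements under "Items").

            Raises KeyError when one of the top-level keys or a "Shortcode"
            is missing, and json.JSONDecodeError on malformed input.
        '''
        import copy  # local import: only needed to clone the template

        self.llmsvs = llmsvs_json_in
        llmsvs = json.loads(llmsvs_json_in)

        # The template lives on the class and would otherwise be shared and
        # mutated by every instance; clone it and give this document its own
        # serial number and timestamp so two BOMs never carry the same identity.
        self.bom = copy.deepcopy(type(self).bom)
        self.bom['serialNumber'] = "urn:uuid:" + str(uuid.uuid4())
        self.bom['metadata']['timestamp'] = \
            datetime.datetime.now().astimezone().replace(microsecond=0).isoformat()

        standard = self.bom['declarations']['standards'][0]
        standard['bom-ref'] = llmsvs["ShortName"] + "-" + llmsvs["Version"]
        standard['name'] = \
            llmsvs["Name"].replace('Project', '') + "(" + llmsvs["ShortName"] + ")"
        standard['version'] = llmsvs["Version"]
        standard['description'] = llmsvs["Description"]
        standard['owner'] = llmsvs["Name"]

        requirements = []
        required_by_level = {'L1': [], 'L2': [], 'L3': []}
        for llmsvs_chapter in llmsvs['Requirements']:
            chapter_req = self.convert_requirement(llmsvs_chapter, None)
            requirements.append(chapter_req)
            for llmsvs_section in llmsvs_chapter.get('Items') or []:
                section_req = self.convert_requirement(llmsvs_section, chapter_req['bom-ref'])
                requirements.append(section_req)
                # A section without an "Items" list contributes no requirements
                # instead of aborting the whole conversion with a KeyError.
                for llmsvs_requirement in llmsvs_section.get('Items') or []:
                    requirement = self.convert_requirement(llmsvs_requirement, section_req['bom-ref'])
                    requirements.append(requirement)
                    for level, bucket in required_by_level.items():
                        if self._level_required(llmsvs_requirement, level):
                            bucket.append(requirement['bom-ref'])

        standard['requirements'] = requirements

        level_definitions = (
            ('L1', "level-1", "Level 1",
             "llmsvs Level 1 is for low assurance levels, and is completely penetration testable."),
            ('L2', "level-2", "Level 2",
             "llmsvs Level 2 is for applications that contain sensitive data, which requires protection and is the recommended level for most apps."),
            ('L3', "level-3", "Level 3",
             "llmsvs Level 3 is for the most critical applications - applications that perform high value transactions, contain sensitive medical data, or any application that requires the highest level of trust."),
        )
        standard['levels'] = [
            {
                'bom-ref': bom_ref,
                'identifier': identifier,
                'description': description,
                'requirements': required_by_level[level],
            }
            for level, bom_ref, identifier, description in level_definitions
        ]

        standard['externalReferences'] = [
            {'type': 'website', 'url': 'https://owasp.org/llmsvs'},
            {'type': 'vcs', 'url': 'https://github.com/OWASP/llmsvs'},
            {'type': 'issue-tracker', 'url': 'https://github.com/OWASP/llmsvs/issues'},
            {'type': 'social', 'url': 'https://twitter.com/OWASP_llmsvs'},
        ]

    def convert_requirement(self, llmsvs_requirement, parent):
        ''' Map one LLMSVS chapter, section or requirement to a CycloneDX requirement.

            llmsvs_requirement -- dict with a mandatory "Shortcode" and optional
                                  "ShortName", "Name" and "Description".
            parent             -- bom-ref of the enclosing entry, or None/empty
                                  for a top-level chapter.

            Returns a dict with 'bom-ref' and 'identifier' (both the Shortcode),
            plus 'title', 'text' and 'parent' when the source provides them.
        '''
        requirement = {}
        requirement['bom-ref'] = llmsvs_requirement['Shortcode']
        requirement['identifier'] = llmsvs_requirement['Shortcode']
        if 'ShortName' in llmsvs_requirement and llmsvs_requirement['ShortName'] != '':
            requirement['title'] = llmsvs_requirement['ShortName']
        # A non-empty "Name" takes precedence over "ShortName" for the title.
        if 'Name' in llmsvs_requirement and llmsvs_requirement['Name'] != '':
            requirement['title'] = llmsvs_requirement['Name']
        if 'Description' in llmsvs_requirement and llmsvs_requirement['Description'] != '':
            requirement['text'] = llmsvs_requirement['Description']
        if parent:
            requirement['parent'] = parent
        return requirement

    def to_json(self):
        ''' Returns a JSON-formatted string '''
        return json.dumps(self.bom, indent = 2, sort_keys = False, ensure_ascii=False).strip()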
| requirement['parent'] = parent 138 | return requirement 139 | 140 | def to_json(self): 141 | ''' Returns a JSON-formatted string ''' 142 | return json.dumps(self.bom, indent = 2, sort_keys = False, ensure_ascii=False).strip() 143 | -------------------------------------------------------------------------------- /0.1/tools/export.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | ''' Tool for converting the ASVS requirements to various formats. 4 | 5 | Usage: ./export.py [--format /dev/null 2>&1; 8 | } 9 | 10 | if ! command_exists pandoc; then 11 | echo "Error: Please install pandoc. Cannot continue" 12 | exit; 13 | fi 14 | 15 | generate_docx() { 16 | pandoc -s -f gfm --reference-doc=../templates/reference.docx --columns 10000 --toc -t docx -o "../docs_$1/OWASP Application Security Verification Standard $2-$1.docx" *.md 17 | echo " done." 18 | echo -e "" 19 | echo -e "Note: If you got an error 'Invalid UTF-8 stream', make sure you are on the newest version of pandoc from the project website (not just the OS package repo)" 20 | echo -e "" 21 | echo -e "DOCX GENERATION MANUAL STEPS" 22 | echo -e "----------------------------" 23 | echo -e "After the docx file has been generated, do the following:" 24 | echo -e " - Select 'No' in the first prompt that appears" 25 | echo -e " - Move the 'Table of Contents' section to be just before the 'Frontispiece' section." 
26 | echo -e " - Select the document heading (one of the first lines in the documrnt) which should say: 'OWASP Application" 27 | echo -e " Security Verification Standard $2', go to 'Paragraph' > 'Line and Page Breaks' and" 28 | echo -e " deselect 'Page break before'" 29 | echo -e " - Go to 'File' > 'Info' and set the 'Title' field to be 'OWASP Application Security Verification Standard $2'" 30 | echo -e " - Run the following VBA macro to fix Table settings:" 31 | echo -e " " 32 | echo -e " Dim tbl As Table" 33 | echo -e " For Each tbl In ActiveDocument.Tables" 34 | echo -e " tbl.Rows(1).HeadingFormat = True" 35 | echo -e " tbl.Rows.AllowBreakAcrossPages = False" 36 | echo -e " Next tbl" 37 | echo -e " " 38 | echo -e " - Manually review the document and move any orphaned table headings or section headings to the" 39 | echo -e " following page" 40 | echo -e " - Run 'Update table...' on the Table of Contents" 41 | echo -e " - Remove the lines above 'Frontispiece' from the Table of Contents" 42 | } 43 | 44 | # generate_html() { 45 | # pandoc -s -f markdown_github -t html5 -o "../OWASP Application Security Verification Standard 4.0-$1.html" *.md 46 | # } 47 | 48 | lang="en" 49 | vers="4.0" 50 | 51 | if [ -z "$1" ] 52 | then 53 | lang="en" 54 | else 55 | lang=$1 56 | fi 57 | 58 | if [ -z "$2" ] 59 | then 60 | vers="4.0" 61 | else 62 | vers=$2 63 | fi 64 | 65 | echo -n "Generating OWASP ASVS $vers ($lang)..." 66 | if [ -d "$lang" ]; 67 | then 68 | cd "$lang" 69 | generate_docx $lang $vers 70 | # generate_html $lang 71 | cd .. 
72 | 73 | else 74 | echo " No OWASP ASVS found in directory $lang" 75 | fi 76 | 77 | 78 | echo 79 | echo "Generated OWASP Application Security Verification Standard $vers" 80 | -------------------------------------------------------------------------------- /0.1/tools/install_deps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | sudo apt install pandoc -y 3 | sudo apt install python3 -y 4 | sudo apt install python3-pip -y 5 | pip install dicttoxml 6 | pip install dicttoxml2 -------------------------------------------------------------------------------- /0.1/tools/llmsvs.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | ''' LLMSVS document parser and converter class. 4 | 5 | Based upon the ASVS utility which was based on code written for MASVS By Bernhard Mueller 6 | Significant improvement by Jonny Schnittger @JonnySchnittger 7 | Additional modifications by Josh Grossman @tghosth 8 | Copyright (c) 2023 OWASP Foundation 9 | 10 | Permission is hereby granted, free of charge, to any person obtaining a copy 11 | of this software and associated documentation files (the "Software"), to deal 12 | in the Software without restriction, including without limitation the rights 13 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 14 | copies of the Software, and to permit persons to whom the Software is 15 | furnished to do so, subject to the following conditions: 16 | 17 | The above copyright notice and this permission notice shall be included in all 18 | copies or substantial portions of the Software. 19 | 20 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 21 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 22 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 23 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 24 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 25 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 26 | SOFTWARE. 27 | 28 | ''' 29 | 30 | import os 31 | import re 32 | import json 33 | from xml.sax.saxutils import escape 34 | import csv 35 | from dicttoxml2 import dicttoxml 36 | import xml.etree.ElementTree as ET 37 | 38 | try: 39 | from StringIO import StringIO 40 | except ImportError: 41 | from io import StringIO 42 | 43 | 44 | class LLMSVS: 45 | llmsvs = {} 46 | llmsvs['Name'] = "Large Language Model Security Verification Standard Project" 47 | llmsvs['ShortName'] = "LLMSVS" 48 | llmsvs['Version'] = "" 49 | llmsvs['Description'] = "The OWASP Large Language Model Security Verification Standard (LLMSVS) Project " \ 50 | "provides a basis for testing LLM technical security controls and also " \ 51 | "provides developers with a list of requirements for secure LLM development." 
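    # Class-level defaults. __init__ rebinds these names on the instance, so
    # requirements parsed for one language are not shared with another instance.
    llmsvs_flat = {}
    llmsvs_flat2 = {}
    llmsvs_flat['requirements'] = []
    llmsvs_flat2['requirements'] = []
    language = ''

    def __init__(self, language_in):
        ''' Parses the markdown chapters found in one language directory.

        language_in is used, as given, as the directory to read from. The
        version and description are taken from 0x01-Frontispiece.md; the
        requirements come from every file whose name starts with 0xNN-V.
        '''
        self.language = language_in
        prefix_char1, prefix_char2, prefix_char1_b = self.get_prefix()

        # Work on per-instance containers. Mutating the class-level dicts
        # would make a second instance in the same process inherit (and
        # double-count) the requirements parsed by the first one.
        self.llmsvs = dict(self.llmsvs)
        self.llmsvs_flat = {'requirements': []}
        self.llmsvs_flat2 = {'requirements': []}

        frontispiece = os.path.join(self.language, "0x01-Frontispiece.md")

        # Raw strings keep the regex escapes (\d, \s, \w, \|) from being
        # read as invalid string escapes by newer Python versions.
        version_re = re.compile(r'Version (([\d.]+){3})')
        with open(frontispiece, encoding="utf8") as content:
            for line in content:
                m = version_re.search(line)
                if m:
                    self.llmsvs['Version'] = m.group(1)
                    break

        about_re = re.compile('## About the Standard\n\n(.*)')
        with open(frontispiece, encoding="utf8") as content:
            m = about_re.search(content.read())
            if m:
                self.llmsvs['Description'] = m.group(1)

        self.llmsvs['Requirements'] = chapters = []

        # These patterns do not depend on the line being read, so they are
        # compiled once instead of once per line.
        chapter_file_re = re.compile(r'0x\d{2}-(V([0-9]{1,3}))-(\w[^-.]*)')
        chapter_title_re = re.compile(r"^#\s(" + prefix_char1 + r"([0-9]{1,2})" + prefix_char1_b +
                                      r")\s([\w\s][^\n]*)")
        section_re = re.compile(r"## (" + prefix_char2 + r"[0-9]{1,2}.([0-9]{1,3})) ([\w\s][^\n]*)")
        requirement_re = re.compile(r"\*\*([\d\.]+)\*\*\s\|\s{0,1}(.*?)\s{0,1}\|(.*?)\|"
                                    r"(.*?)\|(.*?)\|([0-9,\s]*)\|([A-Z0-9/\s,.]*)\|{0,1}")

        for file in sorted(os.listdir(self.language)):

            if not re.match(r"0x\d{2}-V", file):
                continue

            # Placeholders, used when the file name does not match the
            # full chapter pattern below.
            chapter = {}
            chapter['Shortcode'] = ""
            chapter['Ordinal'] = ""
            chapter['ShortName'] = ""
            chapter['Name'] = ""
            chapter['Items'] = []

            section = {}
            section['Shortcode'] = ""
            section['Ordinal'] = ""
            section['Name'] = ""
            section['Items'] = []

            m = chapter_file_re.search(file)
            if m:
                chapter = {}
                chapter['Shortcode'] = m.group(1).replace('V', prefix_char1)
                chapter['Ordinal'] = int(m.group(2))
                chapter['ShortName'] = m.group(3)
                chapter['Name'] = ""
                chapter['Items'] = []

                section = {}
                section['Shortcode'] = m.group(1).replace('V', prefix_char1)
                section['Ordinal'] = int(m.group(2))
                section['Name'] = m.group(3)
                section['Items'] = []

                chapters.append(chapter)

            # "with" closes the chapter file even if parsing raises.
            with open(os.path.join(self.language, file), encoding="utf8") as chapter_file:
                for line in chapter_file:
                    # "# V<n> <title>" heading: the chapter name.
                    m = chapter_title_re.search(line)
                    if m:
                        chapter['Name'] = m.group(3)

                    # "## V<n>.<m> <title>" heading: starts a new section.
                    m = section_re.search(line)
                    if m:
                        section = {}
                        section['Shortcode'] = m.group(1)
                        section['Ordinal'] = int(m.group(2))

                        if self.language == 'ar':
                            section['Ordinal'] = int(m.group(1).split('.')[0].replace(prefix_char2, ''))

                        section['Name'] = m.group(3)
                        section['Items'] = []

                        chapter['Items'].append(section)

                    # Requirement table row:
                    # **id** | description | L1 | L2 | L3 | CWE | NIST |
                    m = requirement_re.search(line)
                    if m:

                        req_flat = {}
                        req_flat2 = {}
                        req_flat2['Section'] = req_flat['chapter_id'] = chapter['Shortcode']
                        req_flat2['Name'] = req_flat['chapter_name'] = chapter['Name']
                        req_flat['section_id'] = section['Shortcode']
                        req_flat['section_name'] = section['Name']

                        req = {}
                        req_flat2['Item'] = req_flat['req_id'] = req['Shortcode'] = prefix_char2 + m.group(1)
                        req['Ordinal'] = int(m.group(1).rsplit('.', 1)[1])
                        if self.language == 'ar':
                            req['Ordinal'] = int(m.group(1).split('.')[0])

                        req_flat2['Description'] = req_flat['req_description'] = req['Description'] = m.group(2)

                        level1 = {}
                        level2 = {}
                        level3 = {}

                        req_flat['level1'] = m.group(3).strip(' ')
                        req_flat['level2'] = m.group(4).strip(' ')
                        req_flat['level3'] = m.group(5).strip(' ')

                        # A non-empty level cell means the requirement applies at that level.
                        level1['Required'] = m.group(3).strip() != ''
                        req_flat2['L1'] = ('X' if level1['Required'] else '')
                        level2['Required'] = m.group(4).strip() != ''
                        req_flat2['L2'] = ('X' if level2['Required'] else '')
                        level3['Required'] = m.group(5).strip() != ''
                        req_flat2['L3'] = ('X' if level3['Required'] else '')

                        level1['Requirement'] = ("Optional" if m.group(3).strip('✓ ') == "o" else m.group(3).strip(' '))
                        level2['Requirement'] = ("Optional" if m.group(4).strip('✓ ') == "o" else m.group(4).strip(' '))
                        level3['Requirement'] = ("Optional" if m.group(5).strip('✓ ') == "o" else m.group(5).strip(' '))

                        req['L1'] = level1
                        req['L2'] = level2
                        req['L3'] = level3

                        # Strip each token before dropping the empty ones, so a
                        # whitespace-only entry ("1, ,2") is skipped instead of
                        # reaching int() and raising ValueError.
                        cwe_tokens = (token.strip() for token in m.group(6).split(','))
                        req['CWE'] = [int(token) for token in cwe_tokens if token]
                        req_flat2['CWE'] = req_flat['cwe'] = m.group(6).strip()
                        nist_tokens = (token.strip() for token in m.group(7).split('/'))
                        req['NIST'] = [str(token) for token in nist_tokens if token]
                        req_flat2['NIST'] = req_flat['nist'] = m.group(7).strip()

                        section['Items'].append(req)
                        self.llmsvs_flat['requirements'].append(req_flat)
                        self.llmsvs_flat2['requirements'].append(req_flat2)

    def get_prefix(self):
        ''' Returns (chapter prefix, requirement prefix, chapter suffix) for the current language '''
        prefix_char1 = prefix_char2 = 'V'
        prefix_char1_b = ''
        if self.language == 'ar':
            prefix_char1 = 'ت'
            prefix_char1_b = ':'
            prefix_char2 = 'ق'

        return prefix_char1, prefix_char2, prefix_char1_b

    def to_json(self):
        ''' Returns a JSON-formatted string '''
        return json.dumps(self.llmsvs, indent=2, sort_keys=False, ensure_ascii=False).strip()

    def to_json_flat(self):
        ''' Returns a JSON-formatted string which is flattened and simpler '''
        return json.dumps(self.llmsvs_flat, indent=2, sort_keys=False, ensure_ascii=False).strip()

    def to_xmlOLD(self):
        ''' Returns XML (legacy).

        NOTE(review): reads self.requirements, which nothing in the visible
        part of this class assigns, so a call would raise AttributeError.
        to_xml() is the exporter that works on self.llmsvs.
        '''
        xml = ''

        for r in self.requirements:

            xml += "" + escape(r['text']) + "\n"

        return xml

    def to_xml(self):
        ''' Returns the nested standard as an XML string built by dicttoxml '''
        return dicttoxml(self.llmsvs, attr_type=False).decode('utf-8')

    def to_csv(self):
        ''' Returns CSV '''
        si = StringIO()

        fieldnames = ['chapter_id', 'chapter_name', 'section_id', 'section_name', 'req_id',
                      'req_description', 'level1', 'level2', 'level3', 'cwe', 'nist']
        writer = csv.DictWriter(si, fieldnames)
        writer.writeheader()
        writer.writerows(self.llmsvs_flat['requirements'])

        return si.getvalue()

    def dict_increment(self, dict_obj, dict_key):
        ''' Adds one to dict_obj[dict_key], starting from zero, and returns dict_obj '''
        dict_obj[dict_key] = dict_obj.get(dict_key, 0) + 1

        return dict_obj

    def summary_total(self, summary):
        ''' Returns the sum of all per-chapter counts in summary '''
        return sum(summary.values())

    def summary_string(self, format, summary):
        ''' Returns the one-line report used by the verify_* methods '''
        return f'Language: {self.language}. Format: {format}. Total: {self.summary_total(summary)}. Details: {summary}\n'

    def verify_csv(self, csv):
        ''' Counts the requirement rows per chapter in CSV text and returns the summary line '''
        prefix_char1, _, _ = self.get_prefix()

        summary = {}
        for line in csv.splitlines():
            # Every line except the header row is counted as one requirement.
            if 'chapter_id,chapter_name' not in line:
                summary = self.dict_increment(summary, line.split(',')[0].replace(prefix_char1, ''))

        return self.summary_string('csv', summary)

    def verify_json_flat(self, json_flat):
        ''' Counts the requirements per chapter in flat JSON text and returns the summary line '''
        prefix_char1, _, _ = self.get_prefix()
        data = json.loads(json_flat)
        summary = {}
        for req in data['requirements']:
            summary = self.dict_increment(summary, req['chapter_id'].replace(prefix_char1, ''))

        return self.summary_string('json_flat', summary)

    def verify_json(self, json_reg):
        ''' Counts the requirements per chapter in nested JSON text and returns the summary line '''
        prefix_char1, _, _ = self.get_prefix()
        data = json.loads(json_reg)
        summary = {}
        for req in data['Requirements']:
            for ite1 in req['Items']:
                for ite2 in ite1['Items']:
                    summary = self.dict_increment(summary, req['Shortcode'].replace(prefix_char1, ''))

        return self.summary_string('json', summary)

    # NOTE(review): xml.etree.ElementTree is not hardened against maliciously
    # constructed XML. This check looks intended for the tool's own to_xml()
    # output; confirm that no caller passes XML from an untrusted source.
    def verify_xml(self, xml_string):
        prefix_char1, null, null = self.get_prefix()
        data = ET.fromstring(xml_string)
        summary = {}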
scode = '' 291 | for req in data.iter(): 292 | if req.tag == 'Requirements': 293 | for el_item in req: 294 | for el_item_sub in el_item: 295 | if el_item_sub.tag == 'Shortcode': 296 | scode = el_item_sub.text 297 | if el_item_sub.tag == 'Items': 298 | for el_Items in el_item_sub: 299 | for el_item2_sub in el_Items: 300 | if el_item2_sub.tag == 'Items': 301 | for el_Items2 in el_item2_sub: 302 | summary = self.dict_increment(summary, scode.replace(prefix_char1,'')) 303 | 304 | return self.summary_string('xml', summary) 305 | -------------------------------------------------------------------------------- /404.html: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | title: 404 - Not Found 4 | layout: col-generic 5 | 6 | --- 7 | 8 |
9 |

10 |

WHOA THAT PAGE CANNOT BE FOUND

11 |

Try the SEARCH function in the main navigation to find something. If you are looking for chapter information, please see Chapters for the correct chapter. For information about OWASP projects see Projects. For common attacks, vulnerabilities, or information about other community-led contributions see Contributed Content.

12 | 13 |
14 |

If all else fails you can search our historical site.

15 |
16 | -------------------------------------------------------------------------------- /COMPILING.md: -------------------------------------------------------------------------------- 1 | # Document Builder 2 | 3 | **Note - this method is still in testing!** 4 | 5 | ## Document Compilation Instructions 6 | 7 | 1. Install Docker on your computer (see instructions for different architectures [in the Docker docs](https://docs.docker.com/engine/install/)) 8 | 2. Build the docker image: `docker build ./docker -t llmsvs-builder` 9 | 3. Change directory to the target version. E.g `cd 0.1` 10 | 4. Optionally perform a clean with `docker run -it --rm -v "$(pwd):/data" llmsvs-builder clean` 11 | 5. Build the PDF with `docker run -it --rm -v "$(pwd):/data" llmsvs-builder pdf` 12 | 6. The PDF will be located within the `TARGET_VERSION/dist` directory 13 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to the OWASP Large Language Model Security Verification Standard (LLMSVS) Project. We welcome all contributions and appreciate your efforts to improve our project. 4 | 5 | ## Getting Started 6 | 7 | To get started with contributing, please follow these steps: 8 | 9 | 1. [Join](http://owasp.org/slack/invite) the [OWASP Slack workspace](https://owasp.slack.com) to connect with the OWASP community and get help with any questions you may have. 10 | 2. [Join](https://owasp.slack.com/messages/C06MDJG0KBK) the `#project-llmvs` Channel. 11 | 3. Familiarize yourself with the project goals and objectives. 12 | 4. Fork the repository and clone it to your local machine. 13 | 5. Install any necessary dependencies and set up your development environment. 14 | 6. Make your changes and test them locally to ensure they work as expected. 15 | 7. Submit a pull request with your changes. 
16 | 17 | ## Pull Request Guidelines 18 | 19 | Before submitting a pull request, please make sure: 20 | 21 | 1. Your changes are consistent with the project's goals and objectives. 22 | 2. Your changes are well-documented and follow the project's coding standards. 23 | 3. Your changes do not introduce new bugs or break existing functionality. 24 | 4. Your changes are accompanied by tests, if applicable. 25 | 5. Your pull request includes a clear and concise description of the changes you have made. 26 | 27 | ## Code of Conduct 28 | 29 | We ask that all contributors to OWASP projects abide by our [Code of Conduct](https://owasp.org/www-policy/operational/code-of-conduct). This code outlines our expectations for behavior within the project community and helps us maintain a welcoming and inclusive environment for all contributors. 30 | 31 | Thank you for your interest in contributing to an OWASP project. We appreciate your efforts to help us improve and grow our projects. 32 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | group :jekyll_plugins do 3 | gem "github-pages" 4 | end -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | # Attribution-ShareAlike 4.0 International 2 | 3 | // SPDX-License-Identifier: CC-BY-SA-4.0 4 | 5 | Creative Commons Corporation (“Creative Commons”) is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an “as-is” basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. 
Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible. 6 | 7 | ## Using Creative Commons Public Licenses 8 | 9 | Creative Commons public licenses provide a standard set of terms and conditions that creators and other rights holders may use to share original works of authorship and other material subject to copyright and certain other rights specified in the public license below. The following considerations are for informational purposes only, are not exhaustive, and do not form part of our licenses. 10 | 11 | - **Considerations for licensors:** Our public licenses are intended for use by those authorized to give the public permission to use material in ways otherwise restricted by copyright and certain other rights. Our licenses are irrevocable. Licensors should read and understand the terms and conditions of the license they choose before applying it. Licensors should also secure all rights necessary before applying our licenses so that the public can reuse the material as expected. Licensors should clearly mark any material not subject to the license. This includes other CC-licensed material, or material used under an exception or limitation to copyright. [More considerations for licensors](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensors). 12 | 13 | - **Considerations for the public:** By using one of our public licenses, a licensor grants the public permission to use the licensed material under specified terms and conditions. If the licensor’s permission is not necessary for any reason–for example, because of any applicable exception or limitation to copyright–then that use is not regulated by the license. Our licenses grant only permissions under copyright and certain other rights that a licensor has authority to grant. 
Use of the licensed material may still be restricted for other reasons, including because others have copyright or other rights in the material. A licensor may make special requests, such as asking that all changes be marked or described. Although not required by our licenses, you are encouraged to respect those requests where reasonable. [More considerations for the public](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensees). 14 | 15 | ## Creative Commons Attribution-ShareAlike 4.0 International Public License 16 | 17 | By exercising the Licensed Rights (defined below), You accept and agree to be bound by the terms and conditions of this Creative Commons Attribution-ShareAlike 4.0 International Public License ("Public License"). To the extent this Public License may be interpreted as a contract, You are granted the Licensed Rights in consideration of Your acceptance of these terms and conditions, and the Licensor grants You such rights in consideration of benefits the Licensor receives from making the Licensed Material available under these terms and conditions. 18 | 19 | ### Section 1 – Definitions 20 | 21 | a. **Adapted Material** means material subject to Copyright and Similar Rights that is derived from or based upon the Licensed Material and in which the Licensed Material is translated, altered, arranged, transformed, or otherwise modified in a manner requiring permission under the Copyright and Similar Rights held by the Licensor. For purposes of this Public License, where the Licensed Material is a musical work, performance, or sound recording, Adapted Material is always produced where the Licensed Material is synched in timed relation with a moving image. 22 | 23 | b. **Adapter's License** means the license You apply to Your Copyright and Similar Rights in Your contributions to Adapted Material in accordance with the terms and conditions of this Public License. 24 | 25 | c. 
**BY-SA Compatible License** means a license listed at [creativecommons.org/compatiblelicenses](http://creativecommons.org/compatiblelicenses), approved by Creative Commons as essentially the equivalent of this Public License. 26 | 27 | d. **Copyright and Similar Rights** means copyright and/or similar rights closely related to copyright including, without limitation, performance, broadcast, sound recording, and Sui Generis Database Rights, without regard to how the rights are labeled or categorized. For purposes of this Public License, the rights specified in Section 2(b)(1)-(2) are not Copyright and Similar Rights. 28 | 29 | e. **Effective Technological Measures** means those measures that, in the absence of proper authority, may not be circumvented under laws fulfilling obligations under Article 11 of the WIPO Copyright Treaty adopted on December 20, 1996, and/or similar international agreements. 30 | 31 | f. **Exceptions and Limitations** means fair use, fair dealing, and/or any other exception or limitation to Copyright and Similar Rights that applies to Your use of the Licensed Material. 32 | 33 | g. **License Elements** means the license attributes listed in the name of a Creative Commons Public License. The License Elements of this Public License are Attribution and ShareAlike. 34 | 35 | h. **Licensed Material** means the artistic or literary work, database, or other material to which the Licensor applied this Public License. 36 | 37 | i. **Licensed Rights** means the rights granted to You subject to the terms and conditions of this Public License, which are limited to all Copyright and Similar Rights that apply to Your use of the Licensed Material and that the Licensor has authority to license. 38 | 39 | j. **Licensor** means the individual(s) or entity(ies) granting rights under this Public License. 40 | 41 | k. 
**Share** means to provide material to the public by any means or process that requires permission under the Licensed Rights, such as reproduction, public display, public performance, distribution, dissemination, communication, or importation, and to make material available to the public including in ways that members of the public may access the material from a place and at a time individually chosen by them. 42 | 43 | l. **Sui Generis Database Rights** means rights other than copyright resulting from Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, as amended and/or succeeded, as well as other essentially equivalent rights anywhere in the world. 44 | 45 | m. **You** means the individual or entity exercising the Licensed Rights under this Public License. Your has a corresponding meaning. 46 | 47 | ### Section 2 – Scope 48 | 49 | a. _**License grant.**_ 50 | 51 | 1. Subject to the terms and conditions of this Public License, the Licensor hereby grants You a worldwide, royalty-free, non-sublicensable, non-exclusive, irrevocable license to exercise the Licensed Rights in the Licensed Material to: 52 | 53 | A. reproduce and Share the Licensed Material, in whole or in part; and 54 | 55 | B. produce, reproduce, and Share Adapted Material. 56 | 57 | 2. **Exceptions and Limitations.** For the avoidance of doubt, where Exceptions and Limitations apply to Your use, this Public License does not apply, and You do not need to comply with its terms and conditions. 58 | 59 | 3. **Term.** The term of this Public License is specified in Section 6(a). 60 | 61 | 4. **Media and formats; technical modifications allowed.** The Licensor authorizes You to exercise the Licensed Rights in all media and formats whether now known or hereafter created, and to make technical modifications necessary to do so. 
The Licensor waives and/or agrees not to assert any right or authority to forbid You from making technical modifications necessary to exercise the Licensed Rights, including technical modifications necessary to circumvent Effective Technological Measures. For purposes of this Public License, simply making modifications authorized by this Section 2(a)(4) never produces Adapted Material. 62 | 63 | 5. **Downstream recipients.** 64 | 65 | A. **Offer from the Licensor – Licensed Material.** Every recipient of the Licensed Material automatically receives an offer from the Licensor to exercise the Licensed Rights under the terms and conditions of this Public License. 66 | 67 | B. **Additional offer from the Licensor – Adapted Material.** Every recipient of Adapted Material from You automatically receives an offer from the Licensor to exercise the Licensed Rights in the Adapted Material under the conditions of the Adapter’s License You apply. 68 | 69 | C. **No downstream restrictions.** You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, the Licensed Material if doing so restricts exercise of the Licensed Rights by any recipient of the Licensed Material. 70 | 71 | 6. **No endorsement.** Nothing in this Public License constitutes or may be construed as permission to assert or imply that You are, or that Your use of the Licensed Material is, connected with, or sponsored, endorsed, or granted official status by, the Licensor or others designated to receive attribution as provided in Section 3(a)(1)(A)(i). 72 | 73 | b. _**Other rights.**_ 74 | 75 | 1. 
Moral rights, such as the right of integrity, are not licensed under this Public License, nor are publicity, privacy, and/or other similar personality rights; however, to the extent possible, the Licensor waives and/or agrees not to assert any such rights held by the Licensor to the limited extent necessary to allow You to exercise the Licensed Rights, but not otherwise. 76 | 77 | 2. Patent and trademark rights are not licensed under this Public License. 78 | 79 | 3. To the extent possible, the Licensor waives any right to collect royalties from You for the exercise of the Licensed Rights, whether directly or through a collecting society under any voluntary or waivable statutory or compulsory licensing scheme. In all other cases the Licensor expressly reserves any right to collect such royalties. 80 | 81 | ### Section 3 – License Conditions 82 | 83 | Your exercise of the Licensed Rights is expressly made subject to the following conditions. 84 | 85 | a. _**Attribution.**_ 86 | 87 | 1. If You Share the Licensed Material (including in modified form), You must: 88 | 89 | A. retain the following if it is supplied by the Licensor with the Licensed Material: 90 | 91 | i. identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated); 92 | 93 | ii. a copyright notice; 94 | 95 | iii. a notice that refers to this Public License; 96 | 97 | iv. a notice that refers to the disclaimer of warranties; 98 | 99 | v. a URI or hyperlink to the Licensed Material to the extent reasonably practicable; 100 | 101 | B. indicate if You modified the Licensed Material and retain an indication of any previous modifications; and 102 | 103 | C. indicate the Licensed Material is licensed under this Public License, and include the text of, or the URI or hyperlink to, this Public License. 104 | 105 | 2. 
You may satisfy the conditions in Section 3(a)(1) in any reasonable manner based on the medium, means, and context in which You Share the Licensed Material. For example, it may be reasonable to satisfy the conditions by providing a URI or hyperlink to a resource that includes the required information. 106 | 107 | 3. If requested by the Licensor, You must remove any of the information required by Section 3(a)(1)(A) to the extent reasonably practicable. 108 | 109 | b. _**ShareAlike.**_ 110 | 111 | In addition to the conditions in Section 3(a), if You Share Adapted Material You produce, the following conditions also apply. 112 | 113 | 1. The Adapter’s License You apply must be a Creative Commons license with the same License Elements, this version or later, or a BY-SA Compatible License. 114 | 115 | 2. You must include the text of, or the URI or hyperlink to, the Adapter's License You apply. You may satisfy this condition in any reasonable manner based on the medium, means, and context in which You Share Adapted Material. 116 | 117 | 3. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, Adapted Material that restrict exercise of the rights granted under the Adapter's License You apply. 118 | 119 | ### Section 4 – Sui Generis Database Rights 120 | 121 | Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of the Licensed Material: 122 | 123 | a. for the avoidance of doubt, Section 2(a)(1) grants You the right to extract, reuse, reproduce, and Share all or a substantial portion of the contents of the database; 124 | 125 | b. if You include all or a substantial portion of the database contents in a database in which You have Sui Generis Database Rights, then the database in which You have Sui Generis Database Rights (but not its individual contents) is Adapted Material, including for purposes of Section 3(b); and 126 | 127 | c. 
You must comply with the conditions in Section 3(a) if You Share all or a substantial portion of the contents of the database. 128 | 129 | For the avoidance of doubt, this Section 4 supplements and does not replace Your obligations under this Public License where the Licensed Rights include other Copyright and Similar Rights. 130 | 131 | ### Section 5 – Disclaimer of Warranties and Limitation of Liability 132 | 133 | a. **Unless otherwise separately undertaken by the Licensor, to the extent possible, the Licensor offers the Licensed Material as-is and as-available, and makes no representations or warranties of any kind concerning the Licensed Material, whether express, implied, statutory, or other. This includes, without limitation, warranties of title, merchantability, fitness for a particular purpose, non-infringement, absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not known or discoverable. Where disclaimers of warranties are not allowed in full or in part, this disclaimer may not apply to You.** 134 | 135 | b. **To the extent possible, in no event will the Licensor be liable to You on any legal theory (including, without limitation, negligence) or otherwise for any direct, special, indirect, incidental, consequential, punitive, exemplary, or other losses, costs, expenses, or damages arising out of this Public License or use of the Licensed Material, even if the Licensor has been advised of the possibility of such losses, costs, expenses, or damages. Where a limitation of liability is not allowed in full or in part, this limitation may not apply to You.** 136 | 137 | c. The disclaimer of warranties and limitation of liability provided above shall be interpreted in a manner that, to the extent possible, most closely approximates an absolute disclaimer and waiver of all liability. 138 | 139 | ### Section 6 – Term and Termination 140 | 141 | a. 
This Public License applies for the term of the Copyright and Similar Rights licensed here. However, if You fail to comply with this Public License, then Your rights under this Public License terminate automatically. 142 | 143 | b. Where Your right to use the Licensed Material has terminated under Section 6(a), it reinstates: 144 | 145 | 1. automatically as of the date the violation is cured, provided it is cured within 30 days of Your discovery of the violation; or 146 | 147 | 2. upon express reinstatement by the Licensor. 148 | 149 | For the avoidance of doubt, this Section 6(b) does not affect any right the Licensor may have to seek remedies for Your violations of this Public License. 150 | 151 | c. For the avoidance of doubt, the Licensor may also offer the Licensed Material under separate terms or conditions or stop distributing the Licensed Material at any time; however, doing so will not terminate this Public License. 152 | 153 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public License. 154 | 155 | ### Section 7 – Other Terms and Conditions 156 | 157 | a. The Licensor shall not be bound by any additional or different terms or conditions communicated by You unless expressly agreed. 158 | 159 | b. Any arrangements, understandings, or agreements regarding the Licensed Material not stated herein are separate from and independent of the terms and conditions of this Public License. 160 | 161 | ### Section 8 – Interpretation 162 | 163 | a. For the avoidance of doubt, this Public License does not, and shall not be interpreted to, reduce, limit, restrict, or impose conditions on any use of the Licensed Material that could lawfully be made without permission under this Public License. 164 | 165 | b. To the extent possible, if any provision of this Public License is deemed unenforceable, it shall be automatically reformed to the minimum extent necessary to make it enforceable. 
If the provision cannot be reformed, it shall be severed from this Public License without affecting the enforceability of the remaining terms and conditions. 166 | 167 | c. No term or condition of this Public License will be waived and no failure to comply consented to unless expressly agreed to by the Licensor. 168 | 169 | d. Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any privileges and immunities that apply to the Licensor or You, including from the legal processes of any jurisdiction or authority. 170 | 171 | > Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its public licenses to material it publishes and in those instances will be considered the “Licensor.” The text of the Creative Commons public licenses is dedicated to the public domain under the [CC0 Public Domain Dedication](https://creativecommons.org/publicdomain/zero/1.0/legalcode). Except for the limited purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the Creative Commons policies published at [creativecommons.org/policies](http://creativecommons.org/policies), Creative Commons does not authorize the use of the trademark “Creative Commons” or any other trademark or logo of Creative Commons without its prior written consent including, without limitation, in connection with any unauthorized modifications to any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. For the avoidance of doubt, this paragraph does not form part of the public licenses. 172 | > 173 | > Creative Commons may be contacted at creativecommons.org. 
174 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # OWASP Large Language Model Security Verification Standard 2 | 3 | [![OWASP Incubator](https://img.shields.io/badge/owasp-incubator-blue.svg)](https://owasp.org/www-project-llm-verification-standard/) 4 | [![Creative Commons License](https://img.shields.io/github/license/OWASP/www-project-llm-verification-standard)](https://creativecommons.org/licenses/by-sa/4.0/ "CC BY-SA 4.0") 5 | 6 | ## Introduction 7 | 8 | The primary aim of the OWASP Large Language Model Security Verification Standard (LLMSVS) Project is to provide an open security standard for systems which leverage artificial intelligence and Large Language Models. 9 | 10 | The standard provides a basis for designing, building, and testing robust LLM backed applications, including architectural, model lifecycle, model training, model operation and integration, model storage and monitoring concerns. 11 | 12 | We gratefully recognize the organizations who have supported the project either through significant time provision or financially on our "[Supporters](SUPPORTERS.md)" page! 13 | 14 | **Please [log issues](https://github.com/OWASP/www-project-llm-verification-standard/issues) if you find any bugs or if you have ideas. We may subsequently ask you to [open a pull request](https://github.com/OWASP/www-project-llm-verification-standard/pulls) based on the discussion in the issue.** 15 | 16 | ## Project Leaders and Working Group 17 | 18 | The project is led by the two project leaders [Vandana Verma Sehgal](https://github.com/vermava) and [Elliot Ward](https://github.com/mowzk). 
19 | 20 | ## Initial Draft Version - 0.1 21 | 22 | The latest stable version is version 0.1 (dated February 2024), which can be found: 23 | 24 | * [OWASP Large Language Model Security Verification Standard 0.1 English (PDF)](https://github.com/OWASP/www-project-llm-verification-standard/releases/tag/0.1) 25 | 26 | The master branch of this repository will always be the "bleeding edge version" which might have in-progress changes or other edits open. 27 | 28 | ## Standard Objectives 29 | 30 | The requirements were developed with the following objectives in mind: 31 | 32 | 1. **Develop and Refine Security Guidelines**: Consolidate general objectives, including community involvement and standard evolution, into a comprehensive set of security guidelines for AI and LLM-based systems. 33 | 2. **Address Unique Security Challenges of LLMs**: Focus specifically on the unique functional and non-functional security challenges presented by Large Language Models. 34 | 3. **Guide Development Teams in Secure Practices**: Provide detailed guidance to development teams for implementing robust security measures in LLM-based applications. 35 | 4. **Assist Security Teams in Audits and Penetration Testing**: Offer methodologies and standards for security teams to conduct effective security audits and penetration tests on LLM-backed systems. 36 | 5. **Establish and Update Security Benchmarks**: Create and regularly update security benchmarks to align with the latest advancements in AI and cybersecurity. 37 | 6. **Promote Best Practices in LLM Security**: Encourage the adoption of industry best practices in securing LLM-based systems. 38 | 7. **Align Security Expectations Among Stakeholders**: Establish a common understanding of security expectations among developers, security professionals, vendors, and clients. 39 | 40 | ## License 41 | 42 | The entire project content is under the **[Creative Commons Attribution-Share Alike v4.0](LICENSE.md)** license. 
43 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Reporting Issues 2 | 3 | To report a security issue, contact the project leaders listed on the project webpage. 4 | -------------------------------------------------------------------------------- /SUPPORTERS.md: -------------------------------------------------------------------------------- 1 | # Supporters 2 | 3 | ## Major Supporters and Sponsors 4 | 5 | This initiative would not have been possible without the support of our sponsors and the resources they have provided. We would like to express our gratitude to the following for their support. 6 | 7 | ### Snyk 8 | 9 | ![Snyk Logo](./assets/images/snyk-logo.png) 10 | 11 | The LLMSVS project was founded as a way to share some of the knowledge gained from research into AI and LLM projects within the Snyk Security Labs team. We thank Snyk for the effort put into eliciting the initial requirements and founding the project. 12 | 13 | ### Lakera 14 | 15 | ![Lakera Logo](./assets/images/lakera-logo.png) 16 | 17 | Lakera, a security company that empowers developers to confidently build secure Generative AI applications, reviewed and proofread an early draft of this standard, providing guidance based on their expertise with model lifecycle security and secure LLM integration.
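18 | -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | remote_theme: "owasp/www--site-theme@main" 2 | plugins: 3 | - jekyll-include-cache-0.2.0 4 | -------------------------------------------------------------------------------- /assets/images/lakera-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-llm-verification-standard/b1a5bf5c83b5476822ccc994b3bc44c2dd3e6db8/assets/images/lakera-logo.png -------------------------------------------------------------------------------- /assets/images/snyk-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/www-project-llm-verification-standard/b1a5bf5c83b5476822ccc994b3bc44c2dd3e6db8/assets/images/snyk-logo.png -------------------------------------------------------------------------------- /docker/Dockerfile: --------------------------------------------------------------------------------
# Base stage for installing fonts: downloads the Adobe Source font families
# and collects their .ttf files in /adobe-fonts.
# NOTE(review): `latest` is a mutable tag, so the base image can change between
# builds; pinning a version tag or a digest (pandoc/latex@sha256:<digest>) makes
# the build reproducible.
FROM docker.io/pandoc/latex:latest AS font_base

WORKDIR /fonts
# The release archive of each font is looked up on its GitHub tags page at build
# time (first entry after a reverse lexical sort, skipping "variable" builds).
# NOTE(review): the archives are not checksum-verified; for a reproducible build,
# pin one tag per font and compare each zip against a recorded SHA-256.
# `set -eu`, `curl -f` and the empty-path check make a failed lookup or download
# stop the build instead of continuing with a missing font.
RUN set -eu; \
    apk add --no-cache curl unzip; \
    for font in source-sans source-serif source-code-pro; do \
        archive_path="$(curl -fsSL "https://github.com/adobe-fonts/${font}/tags" | \
            grep -o "/archive/refs/tags/.*\.zip" | grep -v 'variable' | sort -r | head -1 | tr -d '\n')"; \
        if [ -z "${archive_path}" ]; then \
            echo "No release archive found for ${font}" >&2; \
            exit 1; \
        fi; \
        git_tarball_url="https://www.github.com/adobe-fonts/${font}${archive_path}"; \
        echo "DOWNLOADING FROM: ${git_tarball_url}"; \
        curl -fL --retry 5 "${git_tarball_url}" --output "${font}.zip"; \
        unzip "${font}.zip"; \
    done; \
    mkdir /adobe-fonts; \
    find /fonts/ -name "*.ttf" -exec install -m644 {} /adobe-fonts/ \; && \
    rm -rf /fonts/source*

# Final stage for setting up the environment
FROM docker.io/pandoc/latex:latest AS pandoc_base

# Copy the installed fonts from the font_base stage
COPY --from=font_base /adobe-fonts /usr/share/fonts/adobe-fonts

RUN apk add --no-cache \
    python3 \
    bash \
    py3-pip \
    sed \
    make \
    fontconfig \
    font-noto-cjk \
    freetype

# Create the virtualenv used by the export tooling and refresh the font cache
# so the fonts copied above are picked up.
RUN python3 -m venv /opt/venv \
    && /opt/venv/bin/pip3 install --upgrade pip \
    && fc-cache -fv

# Python setup
# NOTE(review): dicttoxml2 is installed without a version pin (setuptools is
# pinned); pinning it as well keeps rebuilds from silently picking up a new release.
RUN /opt/venv/bin/pip3 install --no-cache-dir dicttoxml2 setuptools==69.0.3

# Install KOMA-Script and any other necessary LaTeX packages.
# tlmgr is retried up to five times, 15 seconds apart; the final test fails the
# build when no attempt succeeded, so an image is never produced with packages missing.
RUN installed=0; \
    for attempt in 1 2 3 4 5; do \
        if tlmgr install \
            xecjk \
            ctex \
            fancyhdr \
            hardwrap \
            catchfile \
            ragged2e \
            koma-script \
            setspace \
            colortbl \
            footnotebackref \
            polyglossia \
            pagecolor \
            csquotes \
            caption \
            mdframed \
            needspace \
            titling \
            bookmark \
            newunicodechar \
            adjustbox \
            collectbox \
            listings \
            background \
            bidi \
            everypage \
            footmisc \
            fvextra \
            ly1 \
            mweights \
            ucharcat \
            ulem \
            upquote \
            xurl \
            zref; then \
            installed=1; \
            break; \
        fi; \
        sleep 15; \
    done; \
    [ "${installed}" -eq 1 ]

# Set the working directory
WORKDIR /data

# Set a neutral default command
ENTRYPOINT [ "make" ]
-------------------------------------------------------------------------------- /index.md: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | layout: col-sidebar 4 | title: OWASP LLM Security Verification Standard 5 | tags: llm builders defenders 6 | level: 2 7 | type: documentation 8 | pitch: The standard provides a basis for designing, building, and testing robust LLM backed applications 9 | 10 | --- 11 | 12 | [![OWASP Incubator](https://img.shields.io/badge/owasp-incubator-blue.svg)](https://owasp.org/www-project-llm-verification-standard/) 13 | [![Creative Commons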
License](https://img.shields.io/github/license/OWASP/www-project-llm-verification-standard)](https://creativecommons.org/licenses/by-sa/4.0/ "CC BY-SA 4.0") 14 | 15 | ## Introduction 16 | 17 | The primary aim of the OWASP Large Language Model Security Verification Standard (LLMSVS) Project is to provide an open security standard for systems which leverage artificial intelligence and Large Language Models. 18 | 19 | The standard provides a basis for designing, building, and testing robust LLM backed applications, including architectural, model lifecycle, model training, model operation and integration, model storage and monitoring concerns. 20 | 21 | Initial Draft Version - 0.1 22 | 23 | The latest stable version is version 0.1 (dated February 2024), which can be found: 24 | 25 | * [OWASP Large Language Model Security Verification Standard 0.1 English (PDF)](https://github.com/OWASP/www-project-llm-verification-standard/releases/tag/0.1) 26 | 27 | The master branch of this repository will always be the "bleeding edge version" which might have in-progress changes or other edits open. 28 | 29 | We gratefully recognize the organizations who have supported the project either through significant time provision or financially on our "[Supporters](https://github.com/OWASP/www-project-llm-verification-standard/blob/main/SUPPORTERS.md)" page! 30 | 31 | ## Standard Objectives 32 | 33 | The requirements were developed with the following objectives in mind: 34 | 35 | 1. **Develop and Refine Security Guidelines**: Consolidate general objectives, including community involvement and standard evolution, into a comprehensive set of security guidelines for AI and LLM-based systems. 36 | 2. **Address Unique Security Challenges of LLMs**: Focus specifically on the unique functional and non-functional security challenges presented by Large Language Models. 37 | 3. 
**Guide Development Teams in Secure Practices**: Provide detailed guidance to development teams for implementing robust security measures in LLM-based applications. 38 | 4. **Assist Security Teams in Audits and Penetration Testing**: Offer methodologies and standards for security teams to conduct effective security audits and penetration tests on LLM-backed systems. 39 | 5. **Establish and Update Security Benchmarks**: Create and regularly update security benchmarks to align with the latest advancements in AI and cybersecurity. 40 | 6. **Promote Best Practices in LLM Security**: Encourage the adoption of industry best practices in securing LLM-based systems. 41 | 7. **Align Security Expectations Among Stakeholders**: Establish a common understanding of security expectations among developers, security professionals, vendors, and clients. 42 | -------------------------------------------------------------------------------- /info.md: -------------------------------------------------------------------------------- 1 | ### LLM Verification Standard Information 2 | 3 | * Incubator Project 4 | 5 | ### Classification 6 | 7 | * Documentation 8 | 9 | ### Audience 10 | 11 | * Builder 12 | * Breaker 13 | * Defender 14 | 15 | ### Downloads or Social Links 16 | 17 | * [Download](https://github.com/OWASP/www-project-llm-verification-standard/releases/tag/0.1) 18 | * [Join OWASP Group Slack](https://owasp.org/slack/invite) 19 | * [Join #project-llmvs Channel](https://owasp.slack.com/messages/C06MDJG0KBK) 20 | 21 | 22 | ### Code Repository 23 | 24 | * [Repo](https://github.com/OWASP/www-project-llm-verification-standard) 25 | 26 | ### Change Log 27 | 28 | * [Changes](https://github.com/OWASP/www-project-llm-verification-standard/releases) 29 | -------------------------------------------------------------------------------- /leaders.md: -------------------------------------------------------------------------------- 1 | ### Leaders 2 | 3 | * [Vandana Verma 
Sehgal](mailto:vandana.verma@owasp.org) 4 | * [Elliot Ward](https://github.com/mowzk) 5 | -------------------------------------------------------------------------------- /release.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: col-sidebar 3 | title: OWASP LLM Release 4 | tags: example-tag 5 | type: other 6 | level: 3 7 | tags: release-tag 8 | 9 | --- 10 | 11 | ## LLM Verification Standard Release 12 | 13 | This is the first release of many. Please feel free to share your feedback. 14 | --------------------------------------------------------------------------------