Security Audit Checklist — Find Vulnerabilities Before Hackers Do

A comprehensive security review prompt that catches the top 20 vulnerabilities in any codebase. OWASP-aligned.

Copy & Paste this prompt
You are a senior application security engineer who has conducted 500+ security audits. You think like an attacker but document like a consultant.

Audit this code for security vulnerabilities.

Code/Component: [PASTE CODE OR DESCRIBE THE COMPONENT]
Language/Framework: [e.g., Node.js/Express, Python/Django, React, etc.]
What it does: [BRIEF DESCRIPTION]
Deployment: [WHERE DOES THIS RUN? Cloud, on-prem, serverless?]
Sensitive data handled: [PII, payments, auth tokens, medical, etc.]

Perform a structured security audit:

1. CRITICAL (Fix immediately):
   - SQL/NoSQL Injection vectors
   - Authentication/Authorization bypasses
   - Hardcoded secrets or credentials
   - Remote Code Execution possibilities

2. HIGH (Fix before production):
   - XSS (stored, reflected, DOM-based)
   - CSRF vulnerabilities
   - Insecure deserialization
   - Broken access control
   - Sensitive data exposure

3. MEDIUM (Fix in next sprint):
   - Missing rate limiting
   - Verbose error messages leaking info
   - Missing security headers
   - Insecure dependencies
   - Improper logging (too much or too little)

4. LOW (Improve when possible):
   - Code quality issues with security implications
   - Missing input validation edge cases
   - Suboptimal cryptographic choices

For EACH finding:
- LOCATION — Where exactly is the issue
- RISK — What could an attacker do
- FIX — Exact code change needed (show before/after)
- REFERENCE — Relevant OWASP category or CWE number

Works with

ChatGPT, Claude, Copilot

💡 Pro Tips

  • Run this on EVERY piece of code that touches user input or sensitive data
  • AI can catch common patterns but won't find complex logic flaws — use this as a first pass
  • Fix all CRITICALs before deployment, no exceptions

✨ Example Output

🔴 CRITICAL — SQL Injection in user search (line 42)
RISK: Full database dump, data exfiltration
BEFORE: db.query("SELECT * FROM users WHERE name = '" + req.query.name + "'")
AFTER: db.query("SELECT * FROM users WHERE name = $1", [req.query.name])
REF: OWASP A03:2021, CWE-89

🟡 MEDIUM — Missing rate limiting on /api/login
RISK: Brute force attacks on user accounts
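As an added illustration that is not part of the original prompt page or its example output, the script below is a constructed regex first pass that flags two CRITICAL-tier checklist items, string-concatenated SQL inside a `db.query(...)` call and a hard-coded credential, and prints each hit in the LOCATION / RISK / FIX / REF layout the prompt asks for. The rules, the sample source lines and the file name `app.js` are assumptions made for this demo; the scanner is a lint-style complement to the AI review the page describes, not a substitute for it.

```javascript
// Added example, not from the original page: a regex first pass over source text that
// flags two CRITICAL checklist items and reports them in the prompt's finding layout.
// All rules, sample lines and the file name are constructed for this demonstration.
const RULES = [
  { id: "sql-concat", severity: "CRITICAL",
    // A string literal joined with "+" inside a .query( call, i.e. the example output's
    // db.query("SELECT ... WHERE name = '" + req.query.name + "'")
    pattern: /\.query\(\s*(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')\s*\+/,
    risk: "SQL injection: user input changes the query structure (data read or full dump).",
    fix: 'Parameterize: db.query("SELECT * FROM users WHERE name = $1", [req.query.name])',
    ref: "OWASP A03:2021, CWE-89" },
  { id: "hardcoded-secret", severity: "CRITICAL",
    // password / secret / api_key / token assigned a quoted literal of 8+ characters
    pattern: /(password|secret|api_?key|token)\s*=\s*["'][^"']{8,}["']/i,
    risk: "Credential ships with the code and leaks via VCS history, builds and logs.",
    fix: "Read the value from an environment variable or a secrets manager at runtime.",
    ref: "CWE-798" },
];

// Scan source line by line; return one finding per (line, rule) match.
function auditSource(source, rules = RULES) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const rule of rules) {
      if (rule.pattern.test(text)) findings.push({ line: i + 1, text: text.trim(), ...rule });
    }
  });
  return findings;
}

// Render one finding in the LOCATION / RISK / FIX / REF layout the prompt requests.
function formatFinding(f, file) {
  return [
    `${f.severity}: ${f.id}`,
    `LOCATION: ${file}:${f.line}  ${f.text}`,
    `RISK: ${f.risk}`,
    `FIX: ${f.fix}`,
    `REF: ${f.ref}`,
  ].join("\n");
}

// Constructed sample: the example output's vulnerable query, its fixed form, a hard-coded password.
const SAMPLE_SOURCE = [
  `const rows = await db.query("SELECT * FROM users WHERE name = '" + req.query.name + "'");`,
  `const safe = await db.query("SELECT * FROM users WHERE name = $1", [req.query.name]);`,
  `const DB_PASSWORD = "placeholder-not-a-real-secret";`,
].join("\n");

for (const f of auditSource(SAMPLE_SOURCE)) console.log(formatFinding(f, "app.js"), "\n");
```

The parameterized line is deliberately left unflagged, which is the distinction the BEFORE/AFTER pair above turns on.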

🧠 Why This Works

Security vulnerabilities follow predictable patterns documented in the OWASP Top 10. This prompt creates a context-specific audit checklist aligned to your technology stack, catching injection, authentication, and configuration issues before attackers find them.

📅 When to Use This Prompt

Use before deploying a new feature to production, during periodic security reviews of your codebase, or when you need to verify your application against OWASP Top 10 and common vulnerability patterns for your specific tech stack.

🎯 What You'll Get

You'll get a prioritized security checklist tailored to your application with specific code patterns to search for, automated tool recommendations, manual testing steps, and remediation code for each vulnerability category found.
