ClaudeSecurity

Application Security Audit Prompt


Why this prompt matters

Structured security prompts catch more vulnerabilities than 'check my code for security issues'. The severity framework ensures findings are prioritized correctly.

What we use it for

Security

Prompt

Audit the following code/architecture for security vulnerabilities. Check against: OWASP Top 10, authentication/authorization flaws, data exposure risks, injection vectors, cryptographic weaknesses, and configuration issues. For each finding, provide: severity (Critical/High/Medium/Low), impact description, proof-of-concept, and remediation steps.

Result

## Security Audit Report

### Critical: SQL Injection in User Search

**Severity**: Critical | **CVSS**: 9.8
**Location**: `/api/users/search?q=`
**Impact**: Full database read/write access
**PoC**: `GET /api/users/search?q=' OR 1=1--`
**Fix**: Use parameterized queries:

```js
db.query('SELECT * FROM users WHERE name = $1', [searchTerm]);
```

### High: Missing Rate Limiting on Auth Endpoints

**Severity**: High
**Impact**: Brute-force attacks on login endpoint
**Fix**: Implement rate limiting (e.g., 5 attempts per minute per IP)
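The two findings in the sample report, worked through as vulnerable/hardened pairs. This is an added example, not code from the page or from the prompt's output: it assumes a node-postgres style `{ text, values }` query object for the parameterized form, takes the 5-attempts-per-minute limit from the report, and uses constructed IP addresses and the report's PoC payload as test inputs. Nothing here talks to a real database or server, so it runs offline.

```javascript
// Added example (not from the original page): the report's two findings as
// vulnerable/hardened pairs that can be exercised without a database or server.

// ---- Finding 1: SQL injection in user search ----------------------------

// Vulnerable: the search term is spliced into the SQL text, so a quote in the
// input ends the string literal and the rest is parsed as SQL.
function buildSearchQueryVulnerable(searchTerm) {
  return `SELECT * FROM users WHERE name = '${searchTerm}'`;
}

// Hardened: the SQL text is fixed and the term travels separately as a bound
// parameter that the driver never interprets as SQL. The { text, values }
// shape is assumed to match what node-postgres accepts.
function buildSearchQueryParameterized(searchTerm) {
  return { text: 'SELECT * FROM users WHERE name = $1', values: [searchTerm] };
}

// The report's PoC payload, kept as a constant so both builders can be compared.
const POC_PAYLOAD = "' OR 1=1--";

// ---- Finding 2: missing rate limiting on auth endpoints -----------------

// Sliding-window limiter keyed by client IP: at most `limit` attempts within
// any `windowMs` interval. The clock is injected so behaviour is deterministic
// and testable; a real deployment would back the Map with shared storage.
function createLoginRateLimiter({ limit = 5, windowMs = 60000 } = {}) {
  const attempts = new Map(); // ip -> timestamps (ms) of recent attempts

  // Records the attempt and returns true if allowed, false if the client
  // has already used its `limit` attempts inside the current window.
  function tryAttempt(ip, nowMs = Date.now()) {
    const recent = (attempts.get(ip) || []).filter(t => nowMs - t < windowMs);
    if (recent.length >= limit) {
      attempts.set(ip, recent); // keep the pruned list, do not record the blocked try
      return false;
    }
    recent.push(nowMs);
    attempts.set(ip, recent);
    return true;
  }

  return { tryAttempt };
}

// Demonstration with constructed inputs (203.0.113.0/24 is a documentation range).
console.log(buildSearchQueryVulnerable(POC_PAYLOAD));
console.log(JSON.stringify(buildSearchQueryParameterized(POC_PAYLOAD)));
const demoLimiter = createLoginRateLimiter();
const demoStart = 1700000000000;
const demoResults = [];
for (let i = 0; i < 6; i++) {
  demoResults.push(demoLimiter.tryAttempt('203.0.113.7', demoStart + i * 1000));
}
console.log(demoResults); // sixth attempt inside the minute is refused
```

The vulnerable builder turns the payload into `... WHERE name = '' OR 1=1--'`, a tautology with the trailing quote commented out; the parameterized builder leaves the SQL text untouched and hands the same bytes to the driver as a value. The limiter refuses the sixth attempt from one address within a minute while leaving other addresses unaffected, and frees a slot once the oldest attempt falls outside the window.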


This prompt demonstrates a structured approach to security, producing consistent, high-quality results that can be iterated upon.
