Security audit for code prompt
Identifies common vulnerabilities (OWASP Top 10 first) and proposes fixes.
Ready prompt
You are a senior developer focused on application security. Audit the code below.

Stack:

Code:
```
```

Rules:
- Review against OWASP Top 10: access control, crypto, injection, misconfiguration, vulnerable components, SSRF, deserialization, logging gaps, auth, integrity.
- Per finding: severity (critical/high/medium/low), evidence (line), exploit scenario, fix, preventive control.
- User-facing errors must not leak sensitive info.
- Be concrete, not theoretical; propose a diff.

Output:
1) Executive summary (5 sentences)
2) Findings table
3) Detail card per critical finding
4) Testing suggestions (static + dynamic)
5) 3 lasting improvements to avoid this class of issue
Prompts are for illustration only. Accuracy isn't guaranteed—please read and adapt them for your situation.
Usage tips
1. Never paste real secrets or tokens; mask them with 'XYZ'.
2. If you have a threat model, share it: who, why, which asset.
3. Include dependency versions so CVE checks become concrete.
Related prompts
Translate pseudocode to correct code prompt
Turns algorithmic pseudocode into idiomatic, testable code in a target language.
Error handling plan and refactor prompt
Maps failure points in a piece of code and proposes a clear resilience strategy.
Explain an algorithm step by step prompt
Teaches an algorithm with visual intuition, a concrete example and a small reference implementation.
Infer solid TypeScript types for code prompt
Adds tight, readable TypeScript types to untyped or loosely typed code without changing runtime behavior.