Security Audit — Find Vulnerabilities in Code
Perform a security audit identifying OWASP Top 10 vulnerabilities, injection risks, and authentication flaws.
The Prompt
Perform a security audit of the following code. Check for:
1. Injection vulnerabilities (SQL, NoSQL, command, LDAP)
2. Cross-site scripting (XSS) — reflected and stored
3. Broken authentication or session management
4. Insecure direct object references
5. Security misconfiguration
6. Sensitive data exposure (logging secrets, weak crypto)
7. Missing input validation or output encoding
8. Dependency vulnerabilities (flag suspicious imports)
For each finding: severity (Critical/High/Medium/Low), location, explanation of the risk, and the fix.
Code to audit:
```
[PASTE YOUR CODE]
```
Example Output
Found 3 Critical vulnerabilities: raw string interpolation in SQL query (line 23, SQL injection), unsanitized user input rendered with innerHTML (line 67, stored XSS), and JWT secret stored as plain-text env variable logged to console (line 12, secret exposure).
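The three finding types in the example output above (SQL text built by string interpolation, untrusted input assigned to innerHTML, a secret passed to console logging) are all patterns a reviewer can pre-screen for before handing code to a model. The following is an added example, not output of the prompt and not part of this page: a small line-oriented checker in JavaScript that flags those three patterns in a constructed sample and reports each with severity, location, risk and fix, in the same shape as the example output. The rule ids, the regexes and the sample source are assumptions made for illustration; the checker is a triage heuristic (one line at a time, so it will miss multi-line constructs and can over-report), not a substitute for a real static analyser or the manual review the prompt asks for.

```javascript
// Added example: heuristic pre-screen for the three finding types named in the
// page's example output. Rule ids, regexes and the sample source are constructed.

const RULES = [
  {
    id: "sql-string-interpolation",
    severity: "Critical",
    // SQL keyword on the same line as template interpolation or string concatenation
    matches: (line) =>
      /\b(SELECT|INSERT|UPDATE|DELETE)\b/i.test(line) && /(\$\{|['"]\s*\+)/.test(line),
    risk: "user-controlled value spliced into SQL text (SQL injection)",
    fix: "pass values as query parameters / use a prepared statement",
  },
  {
    id: "innerhtml-sink",
    severity: "Critical",
    // Any assignment to innerHTML is a DOM XSS sink; the reviewer then checks where the value came from
    matches: (line) => /\.innerHTML\s*=/.test(line),
    risk: "untrusted data interpreted as HTML (stored or reflected XSS)",
    fix: "assign to textContent, or sanitise against an allow-list before insertion",
  },
  {
    id: "secret-logged",
    severity: "Critical",
    // A secret-looking identifier handed to console.* ends up in log aggregation
    matches: (line) =>
      /console\.(log|info|debug|warn|error)\s*\(/.test(line) &&
      /(secret|token|password|api[_-]?key)/i.test(line),
    risk: "credential written to logs (sensitive data exposure)",
    fix: "never log secrets; redact before logging and load them from a secret store",
  },
];

// Run every rule over every line of the source; returns findings sorted by line number.
function auditSource(source) {
  const findings = [];
  source.split("\n").forEach((line, idx) => {
    for (const rule of RULES) {
      if (rule.matches(line)) {
        findings.push({
          line: idx + 1,
          id: rule.id,
          severity: rule.severity,
          risk: rule.risk,
          fix: rule.fix,
          snippet: line.trim(),
        });
      }
    }
  });
  return findings.sort((a, b) => a.line - b.line);
}

// One-line summary in the shape of the page's example output.
function summarize(findings) {
  const critical = findings.filter((f) => f.severity === "Critical").length;
  return (
    `Found ${critical} Critical vulnerabilities: ` +
    findings.map((f) => `${f.risk} (line ${f.line})`).join(", ")
  );
}

// Constructed sample: three vulnerable lines interleaved with their hardened forms,
// so the checker has both true positives and lines it must leave alone.
const SAMPLE_SOURCE = [
  "const query = `SELECT * FROM users WHERE name = '${req.query.name}'`;",
  "db.query(query);",
  'console.log("JWT secret:", process.env.JWT_SECRET);',
  "el.innerHTML = req.body.comment;",
  'db.query("SELECT * FROM users WHERE name = $1", [req.query.name]);',
  "el.textContent = req.body.comment;",
].join("\n");

// Full report, one finding per block, followed by the summary line.
for (const f of auditSource(SAMPLE_SOURCE)) {
  console.log(`[${f.severity}] line ${f.line} ${f.id}: ${f.risk}\n    fix: ${f.fix}\n    > ${f.snippet}`);
}
console.log(summarize(auditSource(SAMPLE_SOURCE)));
```

Running it reports lines 1, 3 and 4 of the sample and stays silent on the parameterised query and the textContent assignment on lines 5 and 6. The value of a checker like this is in what it does not do: it proves nothing about the lines it passes, so its output is a starting list for the audit, not the audit's conclusion.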
FAQ
Which AI model is best for Security Audit — Find Vulnerabilities in Code?
Claude Sonnet 4 or Claude Opus 4 for thorough security reasoning. Claude tends to be more conservative and thorough than GPT on security.
How do I use the Security Audit — Find Vulnerabilities in Code prompt?
Copy the prompt, replace the [BRACKETED] placeholders with your specific information, and paste into your preferred AI assistant (ChatGPT, Claude, Gemini, etc.).