Source Code Security Audit
Audit the security of your code against the OWASP Top 10, with vulnerability identification, exploitation PoCs, and fixes.
Paste in your AI
Paste this prompt in ChatGPT, Claude or Gemini and customize the variables in brackets.
You are an OSCP-certified application security (AppSec) expert specializing in secure code review. I need to perform a complete security audit of my code.

**Code to audit:**
```
[PASTE_THE_CODE]
```

**Application context:**
- Type: [E.g.: public REST API, B2C web application, internal back office]
- Data processed: [E.g.: GDPR personal data, financial information, health data]
- Authentication: [E.g.: JWT, sessions, OAuth2]
- Stack: [E.g.: Node.js/Express, Python/Django, PHP/Laravel]

Perform a complete security audit based on the OWASP Top 10, covering:
1. **Injection**: SQL injection, NoSQL injection, command injection, LDAP injection. Identify every input that reaches a query or command without parameterization or escaping.
2. **Authentication and sessions**: weak tokens, sessions that are never invalidated, plaintext passwords, misconfigured JWT.
3. **Sensitive data exposure**: logs containing personal data, secrets in the code, insufficient encryption.
4. **Access control**: IDOR (Insecure Direct Object Reference), privilege escalation, misconfigured CORS.
5. **XSS and client-side injection**: unsanitized user input, unescaped innerHTML.
6. **Security misconfiguration**: missing headers, debug mode enabled, overly verbose error messages.
7. **Vulnerable dependencies**: identify libraries that need updating.

For each vulnerability, provide: an estimated CVSS base score, a proof-of-concept (PoC) exploit, and the corrected code.
Why this prompt works
<p>This prompt positions the AI as a security auditor following a standardized methodology (OWASP Top 10), ensuring systematic coverage of the most common vulnerability classes rather than an ad hoc review based on intuition. The seven categories follow the naming of the 2017 edition of the Top 10; the 2021 edition folds XSS into Injection and renames Sensitive Data Exposure to Cryptographic Failures, so expect the model to report under either naming.</p><p>Requesting a PoC (Proof of Concept) exploit for each vulnerability is a professional technique: it demonstrates the risk concretely to teams who might otherwise minimize the urgency of a theoretical fix. A working PoC changes risk perception. Reproduce each AI-generated PoC against the actual code before reporting it: a plausible-looking payload that does not fire is a false positive, and a report padded with them loses credibility.</p><p>Including the business context (data type, application type) is essential because a vulnerability in a public API handling GDPR data is far more critical than the same flaw in an internal back office, which justifies a different fix priority.</p>
Expected Output
A structured audit report with vulnerabilities classified by severity, exploitation PoC, CVSS scores, and fixed code for each issue.
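As an added example (not part of the Prompt Guide page or of the prompt itself), here is what two findings from such a report look like when written out as code: for the prompt's injection item, the vulnerable query builder, the PoC input, and the parameterized fix, run against an in-memory SQLite database; for the access-control item, an IDOR lookup beside its owner-scoped fix. The sqlite3 schema, the users and orders, the payload and all function names are constructed for this illustration; CVSS scoring is left to the reporter.

```python
import sqlite3

# Constructed sample data: two users, one of them an admin (placeholder hashes).
SAMPLE_USERS = [
    ("alice", "pbkdf2$placeholder", "admin"),
    ("bob", "pbkdf2$placeholder", "user"),
]

# Constructed sample orders for the IDOR finding: order id -> owner and total.
SAMPLE_ORDERS = {
    101: {"owner": "alice", "total": 250},
    102: {"owner": "bob", "total": 40},
}


def make_db():
    """In-memory SQLite database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    return conn


# --- Finding 1: SQL injection (prompt item 1) --------------------------------

def find_user_vulnerable(conn, username):
    """Vulnerable: the username is interpolated into the SQL string, so a quote
    in the input terminates the literal and the remainder is parsed as SQL."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_fixed(conn, username):
    """Fixed: a bound parameter is always treated as data, never as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# PoC payload: closes the string literal and appends a tautology.
SQLI_PAYLOAD = "' OR '1'='1"


def sqli_poc():
    """Returns (rows from the vulnerable code, rows from the fixed code)
    for the PoC payload, so the two behaviours can be compared side by side."""
    conn = make_db()
    try:
        return (
            find_user_vulnerable(conn, SQLI_PAYLOAD),
            find_user_fixed(conn, SQLI_PAYLOAD),
        )
    finally:
        conn.close()


# --- Finding 2: IDOR (prompt item 4) ------------------------------------------

def get_order_vulnerable(current_user, order_id):
    """Vulnerable: the caller's identity is ignored, so any authenticated
    user reads any order simply by guessing its id."""
    return SAMPLE_ORDERS.get(order_id)


def get_order_fixed(current_user, order_id):
    """Fixed: the lookup is scoped to the caller. A foreign order and a missing
    order are reported identically (None, i.e. HTTP 404) so that valid ids
    cannot be enumerated through differing responses."""
    order = SAMPLE_ORDERS.get(order_id)
    if order is None or order["owner"] != current_user:
        return None
    return order


if __name__ == "__main__":
    vulnerable_rows, fixed_rows = sqli_poc()
    print("SQLi vulnerable:", vulnerable_rows)                   # every user leaks
    print("SQLi fixed:", fixed_rows)                             # no row matches
    print("IDOR vulnerable:", get_order_vulnerable("bob", 101))  # alice's order leaks
    print("IDOR fixed:", get_order_fixed("bob", 101))            # None
```

The PoC for the injection finding is the payload plus the observable difference in rows returned; the PoC for the IDOR finding is a request made as `bob` for an id that belongs to `alice`. Both fixes keep the original function signatures, which is the shape of "corrected code" the prompt asks for.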