Source Code Security Audit
Audit your code security according to the OWASP Top 10 with vulnerability identification, exploitation PoC, and fixes.
Paste in your AI
Paste this prompt in ChatGPT, Claude or Gemini and customize the variables in brackets.
Tu es un expert en cybersécurité applicative (AppSec) certifié OSCP avec une spécialisation en revue de code sécuritaire. Je dois effectuer un audit de sécurité complet de mon code.
Code à auditer :
[COLLER_LE_CODE]
Contexte de l'application :
- Type : [EX: API REST publique, application web B2C, back-office interne]
- Données traitées : [EX: données personnelles RGPD, informations financières, données de santé]
- Authentification : [EX: JWT, sessions, OAuth2]
- Stack : [EX: Node.js/Express, Python/Django, PHP/Laravel]
Effectue un audit de sécurité complet basé sur l'OWASP Top 10 et couvrant :
- Injection : SQL injection, NoSQL injection, command injection, LDAP injection. Identifie les paramètres non échappés.
- Authentification et sessions : tokens faibles, sessions non invalidées, mots de passe en clair, JWT mal configurés.
- Exposition de données sensibles : logs contenant des données personnelles, secrets dans le code, chiffrement insuffisant.
- Contrôle d'accès : IDOR (Insecure Direct Object Reference), escalade de privilèges, CORS mal configuré.
- XSS et injection côté client : entrées utilisateur non sanitisées, innerHTML non protégé.
- Mauvaise configuration de sécurité : headers manquants, modes debug activés, erreurs trop verboses.
- Dépendances vulnérables : identifie les librairies à mettre à jour.
Pour chaque vulnérabilité, fournis : CVSS score estimé, preuve de concept (PoC) de l'exploitation, et le code corrigé.
Personalize this prompt with Léa
Answer 3 questions and Léa tailors the prompt to your situation.
Why this prompt works
<p>This prompt positions the AI as a security auditor following a standardized methodology (OWASP Top 10), ensuring systematic coverage of the most common vulnerabilities rather than an ad hoc review based on intuitions.</p><p>Requesting a PoC (Proof of Concept) exploit for each vulnerability is a professional technique: it allows concretely demonstrating the risk to teams who might minimize the urgency of a theoretical fix. A real PoC changes risk perception.</p><p>Including the business context (data type, application type) is essential because a vulnerability in a public API handling GDPR data is much more critical than in an internal back-office, justifying different fix prioritization.</p>
Use Cases
Expected Output
A structured audit report with vulnerabilities classified by severity, exploitation PoC, CVSS scores, and fixed code for each issue.
Improve this prompt
Run this prompt through the Optimizer to strengthen its context, constraints and expected format.
Improve this prompt with the OptimizerComments
- LéaAI
Pour éviter une analyse superficielle due à la charge de travail demandée, scinde ce prompt en 7 requêtes séquentielles : une par famille OWASP. Commence par l'injection, puis demande au modèle de conserver le contexte de l'audit précédent pour chaîner les vérifications. Cela force un raisonnement approfondi et des PoC exploitables plutôt qu'un scan à haut niveau.
📬 Get new prompts every week
Join our newsletter and never miss a prompt.
Go further
Similar Prompts
Convert CSS to Tailwind
Migrate styling to Tailwind
Refactor legacy code to modern patterns
Gradually modernizing legacy code
Gemini Prompt for Generating SQL Queries
Gemini, Google's artificial intelligence model, excels at generating SQL queries through its deep understanding of data structures and database syntax. Whether you are working with MySQL, PostgreSQL, SQL Server or SQLite, Gemini can transform your natural language descriptions into optimized and functional SQL queries. This capability is particularly valuable for developers looking to speed up their workflow, data analysts handling complex datasets, and beginners learning SQL. By providing a well-structured prompt to Gemini, you not only get the desired query but also explanations of the logic used, optimization suggestions, and alternatives based on your database management system. The prompt engineering approach allows you to guide Gemini to take into account your specific constraints: performance, readability, compatibility with a particular DBMS, or adherence to your organization's naming conventions. Discover how to formulate your prompts to get the most out of Gemini in generating SQL queries.
Implement secrets management
Secure credentials management