Source Code Security Audit
Audit your code security according to the OWASP Top 10 with vulnerability identification, exploitation PoC, and fixes.
Paste into your AI
Paste this prompt into ChatGPT, Claude or Gemini and customize the variables in brackets.
You are an OSCP-certified application security (AppSec) expert specializing in secure code review. I need to perform a complete security audit of my code.

**Code to audit:**
```
[PASTE_THE_CODE]
```

**Application context:**
- Type: [E.G.: public REST API, B2C web application, internal back-office]
- Data processed: [E.G.: GDPR personal data, financial information, health data]
- Authentication: [E.G.: JWT, sessions, OAuth2]
- Stack: [E.G.: Node.js/Express, Python/Django, PHP/Laravel]

Perform a complete security audit based on the OWASP Top 10, covering:
1. **Injection**: SQL injection, NoSQL injection, command injection, LDAP injection. Identify unescaped parameters.
2. **Authentication and sessions**: weak tokens, sessions that are never invalidated, plaintext passwords, misconfigured JWT.
3. **Sensitive data exposure**: logs containing personal data, secrets in the code, insufficient encryption.
4. **Access control**: IDOR (Insecure Direct Object Reference), privilege escalation, misconfigured CORS.
5. **XSS and client-side injection**: unsanitized user input, unprotected innerHTML.
6. **Security misconfiguration**: missing headers, debug modes enabled, overly verbose errors.
7. **Vulnerable dependencies**: identify libraries that need updating.

For each vulnerability, provide: an estimated CVSS score, an exploitation proof of concept (PoC), and the corrected code.
Why this prompt works
<p>This prompt positions the AI as a security auditor following a standardized methodology (the OWASP Top 10), which gives systematic coverage of the most common vulnerability classes rather than an ad hoc review driven by intuition.</p><p>Requesting a proof-of-concept (PoC) exploit for each vulnerability is standard professional practice: it demonstrates the risk concretely to teams who might otherwise downplay the urgency of fixing a theoretical issue. A working PoC changes how risk is perceived. Treat the model's CVSS scores as estimates and reproduce each PoC against the real code before reporting it, since a language model can describe an exploit that does not actually work on the code in front of it.</p><p>Including the business context (data type, application type) is essential because a vulnerability in a public API handling GDPR data is far more critical than the same flaw in an internal back-office, which justifies a different fix prioritization.</p>
Expected Output
A structured audit report with vulnerabilities classified by severity, exploitation PoC, CVSS scores, and fixed code for each issue.
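The kind of finding such a report should contain, as an added example that is not part of the Prompt Guide page: a constructed snippet with an injectable query, the PoC payload run against it, the corrected version, and a small AST-based check (assumed tooling written for this example, not something the prompt itself produces) that flags dynamically built SQL reaching execute(), which is the "unescaped parameters" item 1 of the prompt asks the model to identify. The table, columns and function names are assumptions.

```python
"""Added example (not code from Prompt Guide): one audit finding written up the
way the prompt asks for (vulnerable code, exploitation PoC, corrected code),
plus a small static check for the "unescaped parameters" the Injection item
asks the model to identify. The snippet under audit, the table and the
function names are constructed for illustration."""
import ast
import sqlite3

# Constructed "code to audit" (what would go in the [PASTE_THE_CODE] slot).
SAMPLE_SOURCE = '''\
def find_user(conn, email):
    # VULNERABLE (OWASP A03 Injection): user input concatenated into SQL.
    query = "SELECT id, email, role FROM users WHERE email = '" + email + "'"
    return conn.execute(query).fetchall()

def find_user_fixed(conn, email):
    # FIX: bound parameter; the driver never interprets the input as SQL.
    sql = "SELECT id, email, role FROM users WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()
'''

# PoC payload: closes the string literal and appends an always-true condition.
POC_PAYLOAD = "' OR '1'='1"


def _is_dynamic_sql(node: ast.AST) -> bool:
    """True if the expression builds a string at runtime: f-string,
    concatenation, %-formatting or str.format()."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")


def find_unparameterized_queries(source: str) -> list[int]:
    """Line numbers (1-based, within `source`) of execute()/executemany()
    calls whose SQL text is built dynamically, either inline or through a
    variable assigned in the same function. Constant SQL with bound
    parameters is not flagged."""
    hits = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        # Pass 1: names assigned from a dynamically built string.
        tainted = {t.id for node in ast.walk(func)
                   if isinstance(node, ast.Assign) and _is_dynamic_sql(node.value)
                   for t in node.targets if isinstance(t, ast.Name)}
        # Pass 2: execute() calls fed by such a name or by a dynamic expression.
        for node in ast.walk(func):
            if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                    and node.func.attr in ("execute", "executemany") and node.args):
                continue
            sql = node.args[0]
            if _is_dynamic_sql(sql) or (isinstance(sql, ast.Name) and sql.id in tainted):
                hits.append(node.lineno)
    return sorted(hits)


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (email, role) VALUES (?, ?)",
                     [("alice@example.com", "admin"), ("bob@example.com", "user")])
    return conn


def run_poc() -> tuple[int, int]:
    """Load the audited snippet and run the payload through both versions.
    Returns (rows leaked by the vulnerable function, rows returned by the fix)."""
    ns: dict = {}
    exec(SAMPLE_SOURCE, ns)  # executes only the constructed snippet above
    conn = make_db()
    leaked = ns["find_user"](conn, POC_PAYLOAD)
    after_fix = ns["find_user_fixed"](conn, POC_PAYLOAD)
    return len(leaked), len(after_fix)


if __name__ == "__main__":
    print("dynamic SQL reaches execute() at line(s):",
          find_unparameterized_queries(SAMPLE_SOURCE))
    print("rows leaked by PoC / rows after fix:", run_poc())
```

Running the file prints the flagged line of the audited snippet and the two row counts: the payload returns every user from the vulnerable function and none from the fixed one, which is the concrete evidence the report's PoC column should carry. The checker only follows direct assignments inside one function, so it is a triage aid for where to look, not a substitute for the review itself.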