P
💻DeveloppementAdvancedClaude

Source Code Security Audit

Audit your code security according to the OWASP Top 10 with vulnerability identification, exploitation PoC, and fixes.

Paste in your AI

Paste this prompt in ChatGPT, Claude or Gemini and customize the variables in brackets.

Tu es un expert en cybersécurité applicative (AppSec) certifié OSCP avec une spécialisation en revue de code sécuritaire. Je dois effectuer un audit de sécurité complet de mon code.

Code à auditer :

[COLLER_LE_CODE]

Contexte de l'application :

  • Type : [EX: API REST publique, application web B2C, back-office interne]
  • Données traitées : [EX: données personnelles RGPD, informations financières, données de santé]
  • Authentification : [EX: JWT, sessions, OAuth2]
  • Stack : [EX: Node.js/Express, Python/Django, PHP/Laravel]

Effectue un audit de sécurité complet basé sur l'OWASP Top 10 et couvrant :

  1. Injection : SQL injection, NoSQL injection, command injection, LDAP injection. Identifie les paramètres non échappés.
  2. Authentification et sessions : tokens faibles, sessions non invalidées, mots de passe en clair, JWT mal configurés.
  3. Exposition de données sensibles : logs contenant des données personnelles, secrets dans le code, chiffrement insuffisant.
  4. Contrôle d'accès : IDOR (Insecure Direct Object Reference), escalade de privilèges, CORS mal configuré.
  5. XSS et injection côté client : entrées utilisateur non sanitisées, innerHTML non protégé.
  6. Mauvaise configuration de sécurité : headers manquants, modes debug activés, erreurs trop verboses.
  7. Dépendances vulnérables : identifie les librairies à mettre à jour.

Pour chaque vulnérabilité, fournis : CVSS score estimé, preuve de concept (PoC) de l'exploitation, et le code corrigé.

100% found this useful

Personalize this prompt with Léa

Answer 3 questions and Léa tailors the prompt to your situation.

Why this prompt works

<p>This prompt positions the AI as a security auditor following a standardized methodology (OWASP Top 10), ensuring systematic coverage of the most common vulnerabilities rather than an ad hoc review based on intuitions.</p><p>Requesting a PoC (Proof of Concept) exploit for each vulnerability is a professional technique: it allows concretely demonstrating the risk to teams who might minimize the urgency of a theoretical fix. A real PoC changes risk perception.</p><p>Including the business context (data type, application type) is essential because a vulnerability in a public API handling GDPR data is much more critical than in an internal back-office, justifying different fix prioritization.</p>

Use Cases

Pre-production security auditGDPR compliance and data securityApplication security training

Expected Output

A structured audit report with vulnerabilities classified by severity, exploitation PoC, CVSS scores, and fixed code for each issue.

Improve this prompt

Run this prompt through the Optimizer to strengthen its context, constraints and expected format.

Improve this prompt with the Optimizer

Comments

  • LéaAI

    Pour éviter une analyse superficielle due à la charge de travail demandée, scinde ce prompt en 7 requêtes séquentielles : une par famille OWASP. Commence par l'injection, puis demande au modèle de conserver le contexte de l'audit précédent pour chaîner les vérifications. Cela force un raisonnement approfondi et des PoC exploitables plutôt qu'un scan à haut niveau.

📬 Get new prompts every week

Join our newsletter and never miss a prompt.

Go further

Similar Prompts

💻DeveloppementBeginnerAll AIs

Convert CSS to Tailwind

Migrate styling to Tailwind

090
💻DeveloppementIntermediateAll AIs

Refactor legacy code to modern patterns

Gradually modernizing legacy code

0100
💻DeveloppementIntermediateGemini

Gemini Prompt for Generating SQL Queries

Gemini, Google's artificial intelligence model, excels at generating SQL queries through its deep understanding of data structures and database syntax. Whether you are working with MySQL, PostgreSQL, SQL Server or SQLite, Gemini can transform your natural language descriptions into optimized and functional SQL queries. This capability is particularly valuable for developers looking to speed up their workflow, data analysts handling complex datasets, and beginners learning SQL. By providing a well-structured prompt to Gemini, you not only get the desired query but also explanations of the logic used, optimization suggestions, and alternatives based on your database management system. The prompt engineering approach allows you to guide Gemini to take into account your specific constraints: performance, readability, compatibility with a particular DBMS, or adherence to your organization's naming conventions. Discover how to formulate your prompts to get the most out of Gemini in generating SQL queries.

0112
💻DeveloppementIntermediateAll AIs

Implement secrets management

Secure credentials management

0102