Security Code Audit
Performs a security-focused code review identifying vulnerabilities and fixes.
Prompt
Perform a security audit on the following {{language}} code:
```{{language}}
{{code}}
```
**Context**: {{context}} (web app, API, CLI, library)
**Framework**: {{framework}}
Check for these vulnerability classes:
1. **Injection**: SQL, NoSQL, command, LDAP, XPath, template injection
2. **Authentication/Authorization**: broken auth, missing authz checks, IDOR
3. **Data exposure**: sensitive data in logs/errors/responses, missing encryption
4. **Input validation**: missing/weak validation, type confusion, path traversal
5. **Cryptography**: weak algorithms, hardcoded keys, improper random generation
6. **Configuration**: debug mode, verbose errors, insecure defaults, CORS misconfiguration
7. **Dependencies**: risky usage of libraries with a known vulnerability history (flag it even without a dependency scanner available)
8. **Business logic**: race conditions, TOCTOU, integer overflow, state manipulation
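As an added illustration of what the audit's "Fix: corrected code with explanation" output should contain, the block below (example code written for this page, not part of the prompt or of PromptIndex) pairs the vulnerable "before" with the hardened "after" for two of the classes above: class 1, SQL injection via string formatting (CWE-89), and class 4, path traversal through a user-supplied file name (CWE-22). The `users` table, the e-mail payload and the `/srv/uploads` base directory are constructed for the demo; no real files are read.

```python
"""Added example for the Security Code Audit prompt: vulnerable 'before' and
fixed 'after' snippets for two vulnerability classes. All sample data is
constructed inline (in-memory SQLite, made-up paths) so this runs offline."""
import os
import sqlite3


# ---- Class 1: Injection (CWE-89), SQL assembled by string formatting --------

def _demo_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for an application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, email TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice@example.com", "admin"), (2, "bob@example.com", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    # BEFORE: attacker-controlled text is spliced into the statement, so a
    # value such as  ' OR '1'='1  rewrites the WHERE clause.
    sql = f"SELECT id, email FROM users WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def find_user_fixed(conn: sqlite3.Connection, email: str) -> list:
    # AFTER: bound parameter; the driver passes the value as data, never as SQL.
    sql = "SELECT id, email FROM users WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def demo_injection(payload: str = "' OR '1'='1") -> tuple:
    """Run the same payload through both versions; returns (rows_before, rows_after)."""
    conn = _demo_db()
    return len(find_user_vulnerable(conn, payload)), len(find_user_fixed(conn, payload))


# ---- Class 4: Path traversal (CWE-22), user-supplied file name -------------

def upload_path_vulnerable(base_dir: str, name: str) -> str:
    # BEFORE: os.path.join walks straight out of base_dir on "../" segments.
    return os.path.join(base_dir, name)


def resolve_in_base(base_dir: str, name: str) -> str:
    """AFTER: resolve the path, then require it to remain under base_dir.

    commonpath (not str.startswith) is used so that a sibling directory such
    as /srv/uploads2 is not mistaken for a child of /srv/uploads.
    Returns the absolute path or raises ValueError.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes upload directory: {name!r}")
    return target


def is_within_base(base_dir: str, name: str) -> bool:
    """Boolean form of resolve_in_base, convenient for tests and guards."""
    try:
        resolve_in_base(base_dir, name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("injection rows before/after:", demo_injection())
    print("vulnerable join:", upload_path_vulnerable("/srv/uploads", "../../etc/passwd"))
    print("traversal rejected:", not is_within_base("/srv/uploads", "../../etc/passwd"))
```

In a real finding the "before" is the quoted snippet from the audited code and the "after" is the minimal patch; the audit text should also state why the fix is sufficient (here: parameters are never parsed as SQL; the resolved path is checked after normalisation, so encoded or nested `..` segments cannot bypass it).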
For each finding:
- **Severity**: Critical/High/Medium/Low/Informational
- **CWE ID**: if applicable
- **Location**: line number and code snippet
- **Impact**: what an attacker can achieve
- **Fix**: corrected code with explanation
Variables
- {{language}}
- {{code}}
- {{context}}
- {{framework}}
Use Cases
- Pre-release security review
- Secure code training
- Compliance audit preparation
Compatible Models
- claude-sonnet-4-20250514
- gpt-4o
Tags
security-audit, vulnerability, code-review, appsec
Details
- Author: PromptIndex
- Updated: 2026-04-01
- Difficulty: advanced
Related Prompts
- Threat Model Generator
Generates a STRIDE-based threat model for a system or feature.
- Dependency Risk Analyzer
Assesses the risk profile of project dependencies based on maintenance, popularity, and security history.
- Incident Response Playbook
Generates an incident response playbook for a specific type of security incident.