Security.prompt
## Security Audit Framework
### Input Validation
- Are all user inputs validated and sanitized?
- Are there injection vectors (SQL, NoSQL, command, LDAP)?
- Are file paths validated against traversal attacks?
### Authentication & Authorization
- Are auth checks present on all protected routes?
- Are tokens validated correctly (JWT expiry, signature)?
- Is there proper session management?
### Data Protection
- Are secrets stored securely (not hardcoded)?
- Is sensitive data encrypted at rest and in transit?
- Are there data leaks in logs or error messages?
### Common Vulnerabilities
- XSS: Is output properly escaped?
- CSRF: Are anti-CSRF tokens used?
- SSRF: Are outbound requests validated?
- Rate limiting: Are endpoints protected?
### Recommendations
- List vulnerabilities by CVSS severity
- Provide specific remediation for eachwhen to use it
Community prompt sourced from the open-source GitHub repo N1KH1LT0X1N/Apex (MIT). A "Security.prompt" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.
tags
writingcommunitygeneral
source
N1KH1LT0X1N/Apex · MIT
more in Writing
Writing✓ tested
Explain anything to a smart friend
great teacher who refuses to dumb things down
Writing✓ tested
Line-edit my draft (keep my voice)
sharp copy editor who tightens without flattening
Writing✓ tested
Outline a long piece before you write it
editor who structures the argument before a word is drafted