GPT-4o
⚙️ Technical
Advanced
Code Security Audit
Audit code for OWASP Top 10 vulnerabilities, hardcoded secrets, and insecure patterns with remediation steps.
The Prompt
# Code Security Audit

You are an application security engineer. Audit the following code for security vulnerabilities.

## Code Under Review

```
[PASTE_CODE_HERE]
```

Language and framework: [LANGUAGE_FRAMEWORK]
Exposure: [PUBLIC_INTERNET / INTERNAL_ONLY / HANDLES_PII / HANDLES_PAYMENTS]

## Vulnerability Checklist

Review for:

- **Injection flaws** — SQL, command, LDAP, XML injection
- **Broken access control** — missing authorization checks, direct object references that trust a client-supplied ID, privilege escalation paths
- **Broken authentication** — weak session management, insecure token handling
- **Sensitive data exposure** — unencrypted storage or transmission of secrets, weak or home-grown cryptography
- **Security misconfiguration** — default credentials, debug mode or verbose error messages left enabled, overly permissive CORS
- **XSS vulnerabilities** — unsanitized output rendered in HTML
- **Insecure deserialization** — untrusted data passed to deserializers
- **Server-side request forgery** — outbound requests to URLs or hosts controlled by the caller
- **Hardcoded secrets** — API keys, passwords, tokens in source code
- **Dependency vulnerabilities** — known CVEs in imported packages; name the package and version you suspect so it can be checked against an SCA tool

## Output

For each vulnerability found:

- Severity: Critical / High / Medium / Low
- Location in code (line or function reference)
- Attack scenario: how this could be exploited
- Remediation: specific code fix

If a checklist item does not apply to this code, say so rather than reporting a speculative finding.

End with a security score out of 10 and the top 3 highest-priority fixes.
📝 Fill in the blanks
Replace these placeholders with your own content:
- [PASTE_CODE_HERE]: the code under review
- [LANGUAGE_FRAMEWORK]: the language and framework the code is written in
- [PUBLIC_INTERNET / INTERNAL_ONLY / HANDLES_PII / HANDLES_PAYMENTS]: the exposure of the code, which drives how severity is rated
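Before trusting the audit on your own code, it helps to run it on a sample with known defects and check that the findings and remediations line up. The block below is an added example for that purpose, not part of the prompt or the original page: a constructed Python module in which each vulnerable function (string-formatted SQL, unescaped HTML output, a hardcoded API key) sits beside its remediated form, so the model's output can be compared against a known-good fix. It uses only the standard library; the in-memory `users` table, the `PAYMENT_API_KEY` environment variable name and the demo payload are all assumptions made for the example.

```python
"""Constructed sample for [PASTE_CODE_HERE]: vulnerable functions and their fixes.

Added example, not code from the prompt page. Everything below (table, payload,
PAYMENT_API_KEY variable name) is constructed for the demonstration.
"""
import html
import os
import sqlite3

# --- Vulnerable version: what the audit is expected to flag -------------------

API_KEY = "sk_live_0123456789abcdef"  # Hardcoded secret (constructed value)


def find_user_vulnerable(conn, username):
    # Injection: the caller's input becomes part of the SQL statement text.
    query = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def greeting_vulnerable(username):
    # XSS: untrusted input interpolated straight into HTML.
    return f"<h1>Welcome, {username}</h1>"


# --- Remediated version -------------------------------------------------------

def load_api_key(env=os.environ):
    # The secret comes from the environment (or a secret manager), never from source.
    # `env` is injectable so the function can be tested without touching the real environment.
    key = env.get("PAYMENT_API_KEY")
    if not key:
        raise RuntimeError("PAYMENT_API_KEY is not set")
    return key


def find_user_fixed(conn, username):
    # Parameterised query: the driver sends the value separately from the SQL text,
    # so quotes in the input cannot change the statement's structure.
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchall()


def greeting_fixed(username):
    # Escape before rendering so <, >, &, and quotes stay inside the text node.
    return f"<h1>Welcome, {html.escape(username, quote=True)}</h1>"


# --- Demonstration harness ----------------------------------------------------

def make_db():
    # Constructed in-memory table with three users; nothing here is real data.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, is_admin) VALUES (?, ?)",
        [("alice", 0), ("bob", 0), ("root", 1)],
    )
    return conn


SQLI_PAYLOAD = "x' OR '1'='1"  # Tautology payload: turns the WHERE clause into "always true"
XSS_PAYLOAD = "<script>alert(1)</script>"


def demo():
    """Run both versions against the same payloads and return what each produced."""
    conn = make_db()
    return {
        # The vulnerable query returns every row; the fixed one finds no such username.
        "vulnerable_rows": len(find_user_vulnerable(conn, SQLI_PAYLOAD)),
        "fixed_rows": len(find_user_fixed(conn, SQLI_PAYLOAD)),
        # The vulnerable greeting emits a live <script> tag; the fixed one emits entities.
        "vulnerable_html": greeting_vulnerable(XSS_PAYLOAD),
        "fixed_html": greeting_fixed(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Paste only the vulnerable half into the prompt when testing the audit: a good result names all three defects with the right severity ordering for the stated exposure, and its remediation should match the fixed half in substance (bound parameters, output escaping, secret moved out of source), not merely in wording.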
How to use this prompt
1
Copy the prompt
Copy the full prompt text above to your clipboard.
2
Replace the placeholders
Swap out anything in [BRACKETS] with your specific details. Before pasting code into a hosted model, redact live credentials, connection strings and personal data: the audit is meant to find hardcoded secrets, not to send real ones to a third party.
3
Paste into GPT-4o
Open GPT-4o (or your preferred AI assistant) and paste the prompt to get started. Treat the output as a list of leads rather than a verdict: confirm each finding in the code, and check any claimed dependency CVE against the package's advisory database or an SCA tool, since the model cannot look up current versions.