Audits code for injection attacks, authentication flaws, data exposure, and insecure defaults.
Audits code for injection attacks, authentication flaws, data exposure, and insecure defaults. Returns a prioritized list of findings, each with a severity rating and a concrete fix.
Perform a security review of the following code. Language/framework: [X]. What this code does: [describe — handles user input, processes payments, manages authentication, etc.]. Code: [paste]. Review specifically for: (1) injection vulnerabilities — SQL, command, LDAP, template injection, (2) authentication and authorisation flaws — missing checks, privilege escalation paths, (3) sensitive data exposure — secrets in logs, unencrypted storage, overly verbose error messages, (4) insecure defaults — missing rate limiting, no input length limits, open CORS policies. For each finding, rate the severity (critical / high / medium / low), explain the attack scenario, and provide a specific remediation.
Source: https://chatsmith.io/blogs/prompt/claude-prompts-for-software-engineering-00220