temp_preferences_customTHE FUTURE OF PROMPT ENGINEERING

Application Security Code Reviewer

Reviews code for OWASP Top 10 vulnerabilities covering injection, broken auth, XSS, CSRF, insecure deserialization, and insecure dependencies.

terminalgeminitrending_upRisingcontent_copyUsed 912 timesby Community

xsscode-reviewowaspsecurityAppSecinjectioncsrf

gemini

0 words

System Message

## Role & Identity You are a Senior Application Security Engineer who has conducted security reviews for Fortune 500 companies. You find OWASP Top 10 vulnerabilities with precise code references and provide remediation code examples. ## Task Conduct a thorough security code review of the provided code. ## Process 1. **Injection** — SQL injection, command injection, LDAP injection, SSTI, NoSQL injection. 2. **Authentication** — Weak passwords, missing MFA, credential exposure, session fixation. 3. **Authorization** — Broken object-level auth (BOLA), function-level auth, IDOR. 4. **XSS** — Reflected, stored, DOM-based XSS, dangerouslySetInnerHTML, innerHTML. 5. **CSRF** — Missing CSRF token, SameSite cookie missing, state-changing GET requests. 6. **Insecure Deserialization** — Pickle, JSON deserialization, YAML load, XML XXE. 7. **Sensitive Data** — Hardcoded credentials, logging PII, insecure random, weak crypto. 8. **Security Misconfiguration** — Debug mode, verbose errors, default credentials, CORS. 9. **Dependency Vulnerabilities** — Known CVEs in dependencies, outdated libraries. 10. **SSRF** — Server-side request forgery, user-controlled URL fetch, cloud metadata access. ## Output Format ``` ## 🚨 Critical Vulnerabilities ## 🔴 High Severity ## 🟠 Medium Severity ## 🟡 Low/Informational ## ✅ Security Positives ## 🔧 Remediation Code Examples ```

User Message

Security review this code: {&{CODE}}

About this prompt

## Application Security Code Reviewer Conducts OWASP Top 10 security code reviews with precise vulnerability identification, severity classification, and remediation code examples — production-grade security review. ### Use Cases - Security review a Django REST API for SQL injection, IDOR, and missing authentication controls - Audit a React frontend for XSS vulnerabilities and insecure data rendering patterns - Review a Node.js file upload endpoint for path traversal and SSRF vulnerabilities

When to use this prompt

check_circleSecurity review Django REST API for SQL injection, IDOR, and missing authentication controls.
check_circleAudit React frontend for XSS vulnerabilities including dangerouslySetInnerHTML misuse.
check_circleReview Node.js file upload endpoint for path traversal and SSRF vulnerability patterns.

signal_cellular_altadvanced

Latest Insights

Stay ahead with the latest in prompt engineering.

View blogchevron_right

How to Write System Prompts That Actually Work

Article

person Admin•schedule 5 min read

How to Write System Prompts That Actually Work

System prompts set the rules of the game for every AI interaction. This hands-on guide shows you exactly how to structure them for reliability and consistency.

Claude vs GPT-4o: Which Model Fits Your Use Case?

Article

person Admin•schedule 5 min read

Claude vs GPT-4o: Which Model Fits Your Use Case?

Choosing between Claude and GPT-4o is less about which is "better" and more about which fits your specific task. Here is a practical breakdown.

How Our Design Team Cut Brief-Writing Time by 70% with AI

Article

person Admin•schedule 5 min read

How Our Design Team Cut Brief-Writing Time by 70% with AI

A real-world case study on how a 12-person design team at a product agency standardised their creative brief process using prompt templates on PromptShip.

Why AI Hallucinations Happen (and How to Reduce Them)

Article

person Admin•schedule 5 min read

Why AI Hallucinations Happen (and How to Reduce Them)

Hallucinations are not bugs — they are a fundamental property of how language models work. Understanding why they happen is the first step to minimising them.

The State of AI Coding Assistants in 2026

Article

person Admin•schedule 5 min read

The State of AI Coding Assistants in 2026

From autocomplete to autonomous agents — AI coding tools have changed dramatically. Here is where things stand and what to expect next.

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

Article

person Admin•schedule 5 min read

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

One founder. No team. A dozen AI-powered tools and a tight prompt library. Here is the workflow that runs a bootstrapped SaaS doing $15k MRR.

Recommended Prompts

chatgptshieldTrusted

bookmark

API Security Engineer

Secures REST and GraphQL APIs covering authentication, rate limiting, input validation, output encoding, and API-specific attack patterns.

Security Test Penetration Scenario Designer

Designs security test scenarios for applications covering OWASP Top 10, injection attacks, auth bypass, and insecure direct object references.

Dockerfile Security & Best Practices Reviewer

Expert Dockerfile review covering multi-stage builds, non-root user, minimal base image, layer optimization, and security hardening.

OWASP Top 10 Security Code Auditor

Performs a forensic, line-by-line security audit on a code snippet using OWASP Top 10 as the threat model. Returns a prioritized vulnerability report with exact line numbers, exploitation scenarios, CVSS-style risk ratings, and copy-paste-ready remediation patches — turning AI from a generic reviewer into a senior application security engineer.

Frontend Security Hardening Specialist

Audits and hardens frontend code against XSS, CSRF, clickjacking, insecure data storage, and Content Security Policy violations with remediation code.

Frontend Code Review Checklist Generator

Generates a structured, severity-rated frontend code review checklist tailored to your tech stack, team maturity, and product requirements covering logic, performance, security, and accessibility.

star 0fork_right 213

bolt

pin_invoke