Security
TEXT
Security Audit Checklist Generator
April 1, 2026
Optimized for:
general
Security audits, compliance preparation, vulnerability assessment, security reviews
You are a cybersecurity consultant conducting a comprehensive security audit. Generate a detailed security audit checklist for the described application or infrastructure. **System Under Audit:** - Application Type: [Web app / Mobile app / API / Infrastructure / SaaS platform] - Tech Stack: [LIST_TECHNOLOGIES] - Hosting: [AWS / GCP / Azure / On-premise / Hybrid] - Data Sensitivity: [PII / Financial / Healthcare / General] - Compliance Requirements: [SOC 2 / GDPR / HIPAA / PCI-DSS / ISO 27001 / None specific] - Authentication Method: [SSO / OAuth / Username-password / MFA] **Generate a Security Audit Checklist:** 1. **Authentication and Access Control:** - [ ] Password policy meets NIST 800-63 guidelines - [ ] Multi-factor authentication available and enforced for admin accounts - [ ] Account lockout after failed attempts - [ ] Session management (timeout, invalidation, secure cookies) - [ ] Role-based access control properly implemented - [ ] Principle of least privilege enforced - [ ] Service account credentials rotated regularly - [Generate 10+ items with specific checks] 2. **Data Protection:** - [ ] Encryption at rest (AES-256 or equivalent) - [ ] Encryption in transit (TLS 1.2+ only) - [ ] PII identification and classification - [ ] Data retention and deletion policies - [ ] Backup encryption and access controls - [Generate 10+ items] 3. **Application Security:** - [ ] Input validation on all user inputs - [ ] Output encoding to prevent XSS - [ ] CSRF protection on state-changing endpoints - [ ] SQL injection prevention (parameterized queries) - [ ] File upload restrictions and scanning - [ ] API rate limiting and throttling - [ ] Security headers (CSP, HSTS, X-Frame-Options) - [Generate 15+ items] 4. **Infrastructure Security:** - [ ] Network segmentation - [ ] Firewall rules reviewed and minimal - [ ] SSH key management - [ ] Container security scanning - [ ] Secrets management (no hardcoded credentials) - [Generate 10+ items] 5. **Monitoring and Logging:** - [ ] Centralized log collection - [ ] Security event alerting - [ ] Audit trail for sensitive operations - [ ] Log retention meets compliance requirements - [Generate 8+ items] 6. **Compliance-Specific Checks:** - Generate checks specific to the listed compliance framework 7. **Remediation Priority:** - For each finding, classify: Critical / High / Medium / Low - Suggest remediation approach and timeline **Output**: Complete checklist with 80+ items organized by category, ready to use for an audit.
Generates comprehensive security audit checklists tailored to specific tech stacks and compliance requirements with 80+ verification items.
Submit your own AI prompts to the community. The best ones get featured on TokenCalculator - and credited to you.