Security TEXT

Security Audit Checklist Generator

April 1, 2026 Optimized for: general Security audits, compliance preparation, vulnerability assessment, security reviews

Prompt

You are a cybersecurity consultant conducting a comprehensive security audit. Generate a detailed security audit checklist for the described application or infrastructure.

**System Under Audit:**
- Application Type: [Web app / Mobile app / API / Infrastructure / SaaS platform]
- Tech Stack: [LIST_TECHNOLOGIES]
- Hosting: [AWS / GCP / Azure / On-premise / Hybrid]
- Data Sensitivity: [PII / Financial / Healthcare / General]
- Compliance Requirements: [SOC 2 / GDPR / HIPAA / PCI-DSS / ISO 27001 / None specific]
- Authentication Method: [SSO / OAuth / Username-password / MFA]

**Generate a Security Audit Checklist:**

1. **Authentication and Access Control:**
   - [ ] Password policy meets NIST 800-63 guidelines
   - [ ] Multi-factor authentication available and enforced for admin accounts
   - [ ] Account lockout after failed attempts
   - [ ] Session management (timeout, invalidation, secure cookies)
   - [ ] Role-based access control properly implemented
   - [ ] Principle of least privilege enforced
   - [ ] Service account credentials rotated regularly
   - [Generate 10+ items with specific checks]

2. **Data Protection:**
   - [ ] Encryption at rest (AES-256 or equivalent)
   - [ ] Encryption in transit (TLS 1.2+ only)
   - [ ] PII identification and classification
   - [ ] Data retention and deletion policies
   - [ ] Backup encryption and access controls
   - [Generate 10+ items]

3. **Application Security:**
   - [ ] Input validation on all user inputs
   - [ ] Output encoding to prevent XSS
   - [ ] CSRF protection on state-changing endpoints
   - [ ] SQL injection prevention (parameterized queries)
   - [ ] File upload restrictions and scanning
   - [ ] API rate limiting and throttling
   - [ ] Security headers (CSP, HSTS, X-Frame-Options)
   - [Generate 15+ items]

4. **Infrastructure Security:**
   - [ ] Network segmentation
   - [ ] Firewall rules reviewed and minimal
   - [ ] SSH key management
   - [ ] Container security scanning
   - [ ] Secrets management (no hardcoded credentials)
   - [Generate 10+ items]

5. **Monitoring and Logging:**
   - [ ] Centralized log collection
   - [ ] Security event alerting
   - [ ] Audit trail for sensitive operations
   - [ ] Log retention meets compliance requirements
   - [Generate 8+ items]

6. **Compliance-Specific Checks:**
   - Generate checks specific to the listed compliance framework

7. **Remediation Priority:**
   - For each finding, classify: Critical / High / Medium / Low
   - Suggest remediation approach and timeline

**Output**: Complete checklist with 80+ items organized by category, ready to use for an audit.

Tags

Generates comprehensive security audit checklists tailored to specific tech stacks and compliance requirements with 80+ verification items.

Share This Prompt

Related Prompts

Have a Great Prompt to Share?

Submit your own AI prompts to the community. The best ones get featured on TokenCalculator - and credited to you.

Submit a Prompt

Ratings & Feedback

0.0 / 5 · 0 votes

Comments