Coding
TEXT
Security Audit Checklist (OWASP)
October 2, 2025
Optimized for:
gpt-4o
Security audits, penetration testing prep, compliance
Security audit following OWASP Top 10: **1. Injection Flaws** - [ ] Use parameterized queries - [ ] Validate & sanitize all inputs - [ ] Use ORM safely **2. Broken Authentication** - [ ] Implement MFA - [ ] Use secure session management - [ ] Hash passwords (bcrypt/Argon2) - [ ] Implement rate limiting **3. Sensitive Data Exposure** - [ ] Encrypt data at rest & in transit (TLS 1.3) - [ ] Don't log sensitive data - [ ] Use secure key management **4. XML External Entities (XXE)** - [ ] Disable XML external entity processing - [ ] Use secure XML parsers **5. Broken Access Control** - [ ] Verify permissions server-side - [ ] Implement RBAC/ABAC - [ ] Test authorization logic **6. Security Misconfiguration** - [ ] Remove default credentials - [ ] Disable directory listing - [ ] Keep dependencies updated - [ ] Use security headers (CSP, HSTS) **7. XSS (Cross-Site Scripting)** - [ ] Escape output - [ ] Use Content Security Policy - [ ] Sanitize HTML inputs **8. Insecure Deserialization** - [ ] Validate serialized data - [ ] Use signing/encryption **9. Using Components with Known Vulnerabilities** - [ ] Regular dependency audits - [ ] Automated security scanning - [ ] Subscribe to security advisories **10. Insufficient Logging & Monitoring** - [ ] Log security events - [ ] Monitor for anomalies - [ ] Set up alerting
OWASP Top 10 security audit checklist for comprehensive application security.
Submit your own AI prompts to the community. The best ones get featured on TokenCalculator - and credited to you.