Coding TEXT

Security Audit Checklist (OWASP)

October 2, 2025 Optimized for: gpt-4o Security audits, penetration testing prep, compliance

Prompt

Security audit following OWASP Top 10:

**1. Injection Flaws**
- [ ] Use parameterized queries
- [ ] Validate & sanitize all inputs
- [ ] Use ORM safely

**2. Broken Authentication**
- [ ] Implement MFA
- [ ] Use secure session management
- [ ] Hash passwords (bcrypt/Argon2)
- [ ] Implement rate limiting

**3. Sensitive Data Exposure**
- [ ] Encrypt data at rest & in transit (TLS 1.3)
- [ ] Don't log sensitive data
- [ ] Use secure key management

**4. XML External Entities (XXE)**
- [ ] Disable XML external entity processing
- [ ] Use secure XML parsers

**5. Broken Access Control**
- [ ] Verify permissions server-side
- [ ] Implement RBAC/ABAC
- [ ] Test authorization logic

**6. Security Misconfiguration**
- [ ] Remove default credentials
- [ ] Disable directory listing
- [ ] Keep dependencies updated
- [ ] Use security headers (CSP, HSTS)

**7. XSS (Cross-Site Scripting)**
- [ ] Escape output
- [ ] Use Content Security Policy
- [ ] Sanitize HTML inputs

**8. Insecure Deserialization**
- [ ] Validate serialized data
- [ ] Use signing/encryption

**9. Using Components with Known Vulnerabilities**
- [ ] Regular dependency audits
- [ ] Automated security scanning
- [ ] Subscribe to security advisories

**10. Insufficient Logging & Monitoring**
- [ ] Log security events
- [ ] Monitor for anomalies
- [ ] Set up alerting

Tags

OWASP Top 10 security audit checklist for comprehensive application security.

Share This Prompt

Related Prompts

Have a Great Prompt to Share?

Submit your own AI prompts to the community. The best ones get featured on TokenCalculator - and credited to you.

Submit a Prompt

Ratings & Feedback

0.0 / 5 · 0 votes

Comments