AI Prompts for Identifying Security Vulnerabilities in Code

20 of the best prompts for identifying security vulnerabilities in code, step by step across 4 stages. Works with ChatGPT, Claude, and Gemini.

AI Prompts for Identifying Security Vulnerabilities in Code

20 of the best prompts for identifying security vulnerabilities in code, step by step across 4 stages. Works with ChatGPT, Claude, and Gemini.

Scroll to explore

Getting Identifying Security Vulnerabilities in Code right takes more than a single prompt. This 4-stage guide covers Diagnose the Wall, Isolate and Fix, Verify the Resolution, and more, breaking the whole process into focused steps where each prompt builds on the last. Generated code may introduce SQL injection, XSS, or path traversal vulnerabilities, which can compromise application security. If left unaddressed, these vulnerabilities can lead to data breaches and loss of user trust. By following this guide, developers can ensure their applications are secure and robust against common web vulnerabilities. Every prompt is optimized and runs in ChatGPT, Claude, and Gemini.

Diagnose the Wall

Check the output logs for any warnings or errors related to security vulnerabilities, especially during code generation. Focus on the generated SQL queries and user input handling.

Quote Generated SQL Queries

Please quote the exact SQL query generated in the last output. Identify any user inputs within the query that are not properly sanitized and highlight the specific line where the potential vulnerability may occur. Additionally, provide a brief explanation of why this represents a security risk and suggest how to properly sanitize the inputs to mitigate the vulnerability.

Diagnose the Wall

Paste Security Logs

Please analyze the following security logs from the last build output: [SECURITY LOGS]. Focus specifically on entries that indicate potential SQL injection or XSS vulnerabilities. For each identified entry, provide context around it, including the nature of the vulnerability, potential impact, and any recommendations for mitigation. Format your response as a detailed report with sections for each vulnerability identified.

Diagnose the Wall

Interpret Last Instruction

Please interpret the last instruction regarding security measures related to user inputs and database interactions. Explain your understanding of the security protocols that should be in place, including how you will validate and sanitize user inputs, and outline the steps you will take to ensure secure database interactions. Provide a detailed plan that includes potential vulnerabilities to watch for and the measures you will implement to mitigate these risks.

Diagnose the Wall

Expected vs. Actual Security Behavior

Please provide a detailed comparison of expected security behaviors versus the actual output in the context of security vulnerabilities. Specifically, outline how user inputs should be sanitized according to best practices, and then identify how the generated code deviates from these expectations. Format your response in a table with two columns: one for "Expected Security Behavior" and another for "Actual Output Deviation," and include examples where applicable.

Diagnose the Wall

Identify Violated Security Constraints

Please analyze the last output for security vulnerabilities and identify the specific security constraints that were violated. For each violation, quote the exact clause from the security guidelines that was not adhered to during the code generation process. Present your findings in a structured format, including the violation description and the corresponding guideline clause.

Diagnose the Wall

Isolate and Fix

Target the specific sections of code that are introducing vulnerabilities, particularly around user input handling and database queries.

Sanitize User Inputs

Please review the function located at [FILE] on line [LINE] and implement input sanitization for user inputs. Ensure that all inputs are properly validated and escaped before they are used in SQL queries. After making the necessary changes, provide the modified code along with a brief explanation of the sanitization methods used and their importance in preventing security vulnerabilities.

Isolate and Fix

Rewrite Vulnerable SQL Queries

Rewrite the SQL query located in [FILE] at line [LINE] to utilize parameterized statements instead of string concatenation. This change is crucial to prevent SQL injection vulnerabilities. Please present both the original query and the revised version side by side for comparison.

Isolate and Fix

Scope Changes to Security Functions

Please modify the function located at [FILE]:[LINE] to implement strict validation rules for user inputs. Ensure that only the expected formats and types are permitted. After making the changes, provide the updated code for the function along with a brief explanation of the modifications made and the reasoning behind enforcing these validation rules.

Isolate and Fix

Enforce Output Encoding

Please review the rendering function located at [FILE]:[LINE] and ensure that all output is properly encoded to prevent XSS attacks. Provide the updated code snippet that includes the necessary changes for secure output encoding. Additionally, explain why these changes are important for security.

Isolate and Fix

Correct Path Traversal Logic

Review the file handling logic in [FILE] at line [LINE] to identify and correct any path traversal vulnerabilities. Explain how the current implementation allows for potential manipulation of file paths by user inputs. Provide the corrected code logic along with a brief explanation of how it mitigates the identified vulnerabilities.

Isolate and Fix

Verify the Resolution

Confirm that the security vulnerabilities have been addressed and that the application behaves as expected without introducing new issues.

Run Security Tests

Please run a security test on the application to verify that SQL injection and XSS vulnerabilities have been resolved. Include detailed test results, highlighting any remaining issues or vulnerabilities discovered during the testing process. Format the output as a summary report, including the specific tests conducted, their outcomes, and recommendations for any further actions needed.

Verify the Resolution

Show Code Diff for Changes

Please provide the code diff for the changes made to [FILE] that address security vulnerabilities. Ensure to highlight any lines that were added or modified in the code. Additionally, include a brief explanation of the significance of these changes in relation to improving security.

Verify the Resolution

Replay Vulnerable Scenario

Please replay the scenario that previously exposed vulnerabilities in the application. Confirm whether the application still exhibits the same security issues by providing a detailed analysis of the results. Include any discrepancies found, the steps taken during the replay, and a summary of the current security status in your report.

Verify the Resolution

Check Edge Cases for Security

Please verify the resolution of security vulnerabilities by testing edge cases related to user inputs in the application. Identify any unexpected behaviors that may indicate potential security issues and document your findings in a report. Include specific examples of the edge cases tested, the results of each test, and recommendations for addressing any vulnerabilities discovered.

Verify the Resolution

Confirm Output State

Please verify the security status of the output from [FILE]. Confirm whether it is now secure and does not expose any vulnerabilities. Include a detailed report of the output state, highlighting any potential issues that were identified and how they were resolved, along with recommendations for maintaining security moving forward.

Verify the Resolution

Prevent Recurrence

Implement reusable artefacts that ensure security best practices are followed in future code generations.

Input Validation Constraint

Before generating code, validate all user inputs against a strict schema. If any input fails validation, stop and alert the developer before continuing. Never generate code without input validation.

Prevent Recurrence

Security Best Practices Template

Create a conversation-starter template that outlines essential security best practices. Include the following points: 'Always sanitize user inputs, use parameterized queries, and encode outputs.' Additionally, specify that if any of these practices are not followed, the system should stop and notify the developer. Format this as a checklist for easy reference, ensuring clarity and conciseness in each item.

Prevent Recurrence

Security Review Message

Draft a project specification message that mandates security reviews for all code before deployment. The message should clearly state: "All code must undergo a security review before deployment. This review must include checks for SQL injection, XSS, and path traversal vulnerabilities." Ensure the message is concise and emphasizes the importance of security in the development process.

Prevent Recurrence

Naming Convention for Secure Functions

Establish a naming convention for functions that handle user inputs to enhance security. All functions that process user inputs must start with 'SECURE_' to indicate they include validation and sanitization. Please provide a detailed guideline on how to implement this naming convention, including examples of function names that adhere to this standard and any additional best practices for secure coding.

Prevent Recurrence

Self-Check for Security Compliance

Create a self-check request for the agent to run before code generation. The request should ensure that all security constraints are met. If any constraints are violated, the agent should stop the process and report the specific issues found. Format the self-check request as follows: 'Before code generation, check that all security constraints are met. If any constraints are violated, stop and report the issue.'

Prevent Recurrence

Frequently asked questions

How can I prevent SQL injection in my Bolt app?+

Ensure that all SQL queries use parameterized statements. Bolt's code generation may not automatically enforce this, so you must explicitly define this in your database interaction functions.

What should I do if I encounter XSS vulnerabilities?+

Always encode output when rendering user inputs in your Bolt app. If the generated code does not include output encoding, it can lead to XSS vulnerabilities.

How does Bolt handle user input validation?+

Bolt may not enforce strict input validation by default, which can lead to vulnerabilities. You should implement validation checks explicitly in your code to ensure security.

What are common pitfalls in Bolt regarding security?+

Common pitfalls include failing to sanitize user inputs and not using secure coding practices. Bolt's sandboxed environment may not catch these issues unless explicitly addressed.

How can I ensure my app is secure before deployment?+

Run security tests and code reviews before deployment. Bolt does not automatically check for vulnerabilities, so it's crucial to implement these checks manually.