AI Prompts for Preventing Security Vulnerabilities in Code

20 of the best prompts for preventing security vulnerabilities in code, step by step across 4 stages. Works with ChatGPT, Claude, and Gemini.

AI Prompts for Preventing Security Vulnerabilities in Code

20 of the best prompts for preventing security vulnerabilities in code, step by step across 4 stages. Works with ChatGPT, Claude, and Gemini.

Scroll to explore

Claude Code can introduce SQL injection, XSS, or path traversal vulnerabilities, which can compromise application security. These vulnerabilities can lead to data breaches, unauthorized access, and other critical issues. These prompts help developers identify, fix, and prevent such vulnerabilities efficiently. Built across 4 distinct stages covering Diagnose the Wall, Isolate and Fix, Verify the Resolution and more, this guide gives you one expert prompt per step so you never have to write from scratch or guess what the AI needs. The prompts work in ChatGPT, Claude, and Gemini and are designed to get usable output on the first try.

Diagnose the Wall

Identify if the AI is introducing security vulnerabilities in the code.

Check for SQL Injection

Please review the following code for potential SQL injection vulnerabilities: [PASTE CODE]. Identify any unsafe SQL queries present in the code and provide a detailed explanation of why each identified query is vulnerable to SQL injection attacks. Additionally, suggest best practices or modifications that could be implemented to mitigate these vulnerabilities and enhance the overall security of the code. Format your response with clear headings for each vulnerability and suggested fixes.

Diagnose the Wall

Identify XSS Risks

Analyze the following HTML/JS code snippet for potential XSS (Cross-Site Scripting) vulnerabilities: [PASTE CODE]. Identify and highlight any unsafe patterns or practices within the code. For each identified risk, provide a detailed explanation of how it could be exploited and the potential impact on users or the application. Additionally, suggest best practices for mitigating these vulnerabilities to enhance security.

Diagnose the Wall

Detect Path Traversal

Examine the following file handling code for potential path traversal vulnerabilities: [PASTE CODE]. Identify any unsafe file path manipulations that could allow an attacker to access unauthorized files or directories. Provide a detailed analysis of each identified vulnerability, explaining how it can be exploited and suggesting best practices for securing the code against such vulnerabilities. Additionally, recommend any specific changes or improvements to enhance the security of the file handling process.

Diagnose the Wall

Review Input Validation

Please review the following input handling code: [PASTE CODE]. Identify any missing or weak validation mechanisms that could potentially lead to security vulnerabilities. Provide a detailed analysis of each issue you find, explaining why it is a concern and suggesting improvements or best practices to enhance the security of the input validation process. Your response should be structured in a clear format, listing each identified issue separately along with your recommendations.

Diagnose the Wall

Assess Output Encoding

Please evaluate the following code for proper output encoding practices to prevent cross-site scripting (XSS) vulnerabilities: [PASTE CODE]. Specifically, identify any areas where output encoding is lacking or improperly implemented. Provide a detailed analysis of the potential risks associated with these vulnerabilities and suggest best practices for improving the code's security. Include examples of how to properly encode output in the identified areas.

Diagnose the Wall

Isolate and Fix

Focus on correcting the identified vulnerabilities in the code.

Fix SQL Injection

Please rewrite the following SQL query to prevent SQL injection: [PASTE SQL QUERY]. Ensure that you use parameterized queries or prepared statements in your solution. Additionally, explain the changes you made and how they enhance the security of the query. Provide a brief overview of what SQL injection is and why these changes are necessary for preventing such vulnerabilities.

Isolate and Fix

Mitigate XSS

Please analyze the following HTML/JS code for potential XSS vulnerabilities: [PASTE CODE]. Provide a revised version of the code that eliminates these vulnerabilities by implementing proper escaping and sanitization techniques. Additionally, explain the changes made and why they are necessary for enhancing security. Ensure that the final code is functional and maintains the original intended behavior.

Isolate and Fix

Resolve Path Traversal

Refactor the following code to prevent path traversal vulnerabilities: [PASTE CODE]. Ensure that you implement safe path handling methods that validate and sanitize user input. Explain the changes made and how they enhance security against path traversal attacks. Additionally, provide examples of potential vulnerabilities in the original code and how your refactoring mitigates these risks.

Isolate and Fix

Enhance Input Validation

Please enhance the input validation in the following code: [PASTE CODE]. I need you to specify the exact validation rules that should be applied to ensure that all user inputs are properly sanitized and validated. Include checks for data types, length restrictions, allowed characters, and any other relevant criteria. Additionally, provide examples of how the validation rules can be implemented in the code, and explain the importance of each rule in preventing security vulnerabilities.

Isolate and Fix

Ensure Proper Encoding

Please review the following code for potential XSS vulnerabilities: [PASTE CODE]. Identify the necessary output encoding methods that should be applied to ensure proper security against XSS attacks. Explain each encoding method you recommend, including how it mitigates the risk of XSS, and provide examples of how to implement these methods in the code. Additionally, suggest any other security best practices that should be considered in this context.

Isolate and Fix

Verify the Resolution

Confirm that the vulnerabilities have been successfully addressed.

Test SQL Injection Fix

Please conduct a security test on the following SQL query to ensure that no SQL injection vulnerabilities are present: [PASTE UPDATED QUERY]. Provide a detailed analysis of the query's structure, highlighting any potential weaknesses or areas of concern. Additionally, include recommendations for further securing the query if any vulnerabilities are detected. Format your findings in a clear report that summarizes the results of the test and any suggested improvements.

Verify the Resolution

Validate XSS Protection

Please validate the XSS protection in the following modified HTML/JS code: [PASTE UPDATED CODE]. Conduct a thorough test to identify any remaining XSS vulnerabilities and provide a detailed report on the results. Include any specific issues found, recommendations for further improvements, and a summary of the overall security posture of the code. Ensure that your analysis covers various attack vectors that could potentially exploit XSS vulnerabilities.

Verify the Resolution

Check Path Traversal Fix

Please perform a security review of the refactored file handling code provided below to ensure that all path traversal vulnerabilities have been effectively addressed. Analyze the code for any potential weaknesses that could allow unauthorized access to the file system. Provide a detailed report highlighting any remaining issues, along with recommendations for further improvements. The code to review is: [PASTE UPDATED CODE].

Verify the Resolution

Confirm Input Validation

Please run a series of input validation tests on the following code: [PASTE UPDATED CODE]. Ensure that all user inputs are properly validated against common security vulnerabilities such as SQL injection, cross-site scripting (XSS), and buffer overflows. Provide a detailed report on any vulnerabilities found, including the specific lines of code affected and recommendations for improving input validation. Additionally, summarize the overall security posture of the code based on the validation results.

Verify the Resolution

Verify Output Encoding

Please verify that the output encoding in the following code effectively prevents XSS vulnerabilities. The code to analyze is: [PASTE UPDATED CODE]. Provide a detailed assessment of the encoding methods used, explain how they mitigate XSS risks, and suggest any improvements if necessary. Additionally, include examples of potential XSS attacks that could occur if the encoding is inadequate.

Verify the Resolution

Prevent Recurrence

Create reusable rules and practices to avoid future vulnerabilities.

Add SQL Injection Rule

Please create a new rule for the CLAUDE.md documentation that outlines how to prevent SQL injection vulnerabilities in code. The rule should include a clear definition of SQL injection, common scenarios where it can occur, and best practices for mitigating these risks. Additionally, provide examples of safe coding practices and any specific coding patterns to avoid. Format the rule as a concise guideline that can be easily referenced by developers.

Prevent Recurrence

Create XSS Prevention Rule

Please draft a security rule in markdown format to prevent XSS (Cross-Site Scripting) vulnerabilities in future projects. The rule should include a clear definition of what XSS vulnerabilities are, common scenarios where they can occur, and specific coding practices or guidelines that developers should follow to avoid these vulnerabilities. Additionally, include examples of both vulnerable and secure code snippets to illustrate the correct implementation. Format the response as a markdown document with headings, bullet points, and code blocks for clarity.

Prevent Recurrence

Establish Path Handling Rule

Create a comprehensive rule for path handling in a web application to prevent path traversal vulnerabilities. The rule should include specific conditions that must be met to validate user input, ensuring that any file paths are sanitized and normalized before being processed. Additionally, outline the exact text of the rule, including examples of allowed and disallowed patterns, and explain how this rule can be integrated into the existing security framework. Ensure that the rule is clear and can be easily understood by developers implementing it.

Prevent Recurrence

Define Input Validation Standards

Help me define a set of input validation standards to enforce strong security practices in my application. The standards should cover: acceptable data types for user inputs, length restrictions for various fields, specific patterns for formats like email addresses and phone numbers, and guidelines for handling unexpected or malicious input. Additionally, include examples of valid and invalid inputs for each standard, and suggest best practices for implementing these rules in code. Format the response as a detailed markdown document that I can reference during development.

Prevent Recurrence

Set Output Encoding Guidelines

Please create a detailed guideline for output encoding that can be included in a CLAUDE.md document. The guideline should cover the importance of output encoding in preventing security vulnerabilities, specify the types of output encoding that should be used for different contexts (such as HTML, JavaScript, and URL encoding), and provide examples of correct and incorrect encoding practices. Additionally, include recommendations for regular audits and updates to these guidelines to ensure they remain effective. Format the output as a clear, structured document with headings and bullet points for easy reference.

Prevent Recurrence

Frequently asked questions

How does Claude Code introduce SQL injection vulnerabilities?+

Claude Code may generate SQL queries without using parameterized queries or prepared statements, leading to SQL injection risks. Always review generated SQL code for safe practices.

What causes XSS vulnerabilities in Claude Code outputs?+

XSS vulnerabilities can occur if Claude Code generates HTML/JS without proper escaping or sanitization. Ensure all user inputs are sanitized and outputs are encoded.

Why might Claude Code create path traversal issues?+

Path traversal issues arise if Claude Code generates file handling code that manipulates file paths unsafely. Validate and sanitize all file paths in your code.

How can I ensure input validation in Claude Code?+

Review the input handling code generated by Claude Code and apply strict validation rules. Use CLAUDE.md to enforce consistent validation practices.

What are the best practices for output encoding with Claude Code?+

Ensure that all outputs, especially those involving user data, are properly encoded. Use CLAUDE.md to set guidelines for consistent output encoding.