20 of the best prompts for preventing security vulnerabilities in code, step by step across 4 stages. Works with ChatGPT, Claude, and Gemini.
20 of the best prompts for preventing security vulnerabilities in code, step by step across 4 stages. Works with ChatGPT, Claude, and Gemini.
Claude Code can introduce SQL injection, XSS, or path traversal vulnerabilities, which can compromise application security. These vulnerabilities can lead to data breaches, unauthorized access, and other critical issues. These prompts help developers identify, fix, and prevent such vulnerabilities efficiently. Built across 4 distinct stages covering Diagnose the Wall, Isolate and Fix, Verify the Resolution and more, this guide gives you one expert prompt per step so you never have to write from scratch or guess what the AI needs. The prompts work in ChatGPT, Claude, and Gemini and are designed to get usable output on the first try.
Identify if the AI is introducing security vulnerabilities in the code.
Check for SQL Injection
Please review the following code for potential SQL injection vulnerabilities: [PASTE CODE]. Identify any unsafe SQL queries present in the code and provide a detailed explanation of why each identified query is vulnerable to SQL injection attacks. Additionally, suggest best practices or modifications that could be implemented to mitigate these vulnerabilities and enhance the overall security of the code. Format your response with clear headings for each vulnerability and suggested fixes.
Identify XSS Risks
Analyze the following HTML/JS code snippet for potential XSS (Cross-Site Scripting) vulnerabilities: [PASTE CODE]. Identify and highlight any unsafe patterns or practices within the code. For each identified risk, provide a detailed explanation of how it could be exploited and the potential impact on users or the application. Additionally, suggest best practices for mitigating these vulnerabilities to enhance security.
Detect Path Traversal
Examine the following file handling code for potential path traversal vulnerabilities: [PASTE CODE]. Identify any unsafe file path manipulations that could allow an attacker to access unauthorized files or directories. Provide a detailed analysis of each identified vulnerability, explaining how it can be exploited and suggesting best practices for securing the code against such vulnerabilities. Additionally, recommend any specific changes or improvements to enhance the security of the file handling process.
Review Input Validation
Please review the following input handling code: [PASTE CODE]. Identify any missing or weak validation mechanisms that could potentially lead to security vulnerabilities. Provide a detailed analysis of each issue you find, explaining why it is a concern and suggesting improvements or best practices to enhance the security of the input validation process. Your response should be structured in a clear format, listing each identified issue separately along with your recommendations.
Assess Output Encoding
Please evaluate the following code for proper output encoding practices to prevent cross-site scripting (XSS) vulnerabilities: [PASTE CODE]. Specifically, identify any areas where output encoding is lacking or improperly implemented. Provide a detailed analysis of the potential risks associated with these vulnerabilities and suggest best practices for improving the code's security. Include examples of how to properly encode output in the identified areas.
Focus on correcting the identified vulnerabilities in the code.
Fix SQL Injection
Please rewrite the following SQL query to prevent SQL injection: [PASTE SQL QUERY]. Ensure that you use parameterized queries or prepared statements in your solution. Additionally, explain the changes you made and how they enhance the security of the query. Provide a brief overview of what SQL injection is and why these changes are necessary for preventing such vulnerabilities.
Mitigate XSS
Please analyze the following HTML/JS code for potential XSS vulnerabilities: [PASTE CODE]. Provide a revised version of the code that eliminates these vulnerabilities by implementing proper escaping and sanitization techniques. Additionally, explain the changes made and why they are necessary for enhancing security. Ensure that the final code is functional and maintains the original intended behavior.
Resolve Path Traversal
Refactor the following code to prevent path traversal vulnerabilities: [PASTE CODE]. Ensure that you implement safe path handling methods that validate and sanitize user input. Explain the changes made and how they enhance security against path traversal attacks. Additionally, provide examples of potential vulnerabilities in the original code and how your refactoring mitigates these risks.
Enhance Input Validation
Please enhance the input validation in the following code: [PASTE CODE]. I need you to specify the exact validation rules that should be applied to ensure that all user inputs are properly sanitized and validated. Include checks for data types, length restrictions, allowed characters, and any other relevant criteria. Additionally, provide examples of how the validation rules can be implemented in the code, and explain the importance of each rule in preventing security vulnerabilities.
Ensure Proper Encoding
Please review the following code for potential XSS vulnerabilities: [PASTE CODE]. Identify the necessary output encoding methods that should be applied to ensure proper security against XSS attacks. Explain each encoding method you recommend, including how it mitigates the risk of XSS, and provide examples of how to implement these methods in the code. Additionally, suggest any other security best practices that should be considered in this context.
Confirm that the vulnerabilities have been successfully addressed.
Test SQL Injection Fix
Please conduct a security test on the following SQL query to ensure that no SQL injection vulnerabilities are present: [PASTE UPDATED QUERY]. Provide a detailed analysis of the query's structure, highlighting any potential weaknesses or areas of concern. Additionally, include recommendations for further securing the query if any vulnerabilities are detected. Format your findings in a clear report that summarizes the results of the test and any suggested improvements.
Validate XSS Protection
Please validate the XSS protection in the following modified HTML/JS code: [PASTE UPDATED CODE]. Conduct a thorough test to identify any remaining XSS vulnerabilities and provide a detailed report on the results. Include any specific issues found, recommendations for further improvements, and a summary of the overall security posture of the code. Ensure that your analysis covers various attack vectors that could potentially exploit XSS vulnerabilities.
Check Path Traversal Fix
Please perform a security review of the refactored file handling code provided below to ensure that all path traversal vulnerabilities have been effectively addressed. Analyze the code for any potential weaknesses that could allow unauthorized access to the file system. Provide a detailed report highlighting any remaining issues, along with recommendations for further improvements. The code to review is: [PASTE UPDATED CODE].
Confirm Input Validation
Please run a series of input validation tests on the following code: [PASTE UPDATED CODE]. Ensure that all user inputs are properly validated against common security vulnerabilities such as SQL injection, cross-site scripting (XSS), and buffer overflows. Provide a detailed report on any vulnerabilities found, including the specific lines of code affected and recommendations for improving input validation. Additionally, summarize the overall security posture of the code based on the validation results.
Verify Output Encoding
Please verify that the output encoding in the following code effectively prevents XSS vulnerabilities. The code to analyze is: [PASTE UPDATED CODE]. Provide a detailed assessment of the encoding methods used, explain how they mitigate XSS risks, and suggest any improvements if necessary. Additionally, include examples of potential XSS attacks that could occur if the encoding is inadequate.
Create reusable rules and practices to avoid future vulnerabilities.
Add SQL Injection Rule
Please create a new rule for the CLAUDE.md documentation that outlines how to prevent SQL injection vulnerabilities in code. The rule should include a clear definition of SQL injection, common scenarios where it can occur, and best practices for mitigating these risks. Additionally, provide examples of safe coding practices and any specific coding patterns to avoid. Format the rule as a concise guideline that can be easily referenced by developers.
Create XSS Prevention Rule
Please draft a security rule in markdown format to prevent XSS (Cross-Site Scripting) vulnerabilities in future projects. The rule should include a clear definition of what XSS vulnerabilities are, common scenarios where they can occur, and specific coding practices or guidelines that developers should follow to avoid these vulnerabilities. Additionally, include examples of both vulnerable and secure code snippets to illustrate the correct implementation. Format the response as a markdown document with headings, bullet points, and code blocks for clarity.
Establish Path Handling Rule
Create a comprehensive rule for path handling in a web application to prevent path traversal vulnerabilities. The rule should include specific conditions that must be met to validate user input, ensuring that any file paths are sanitized and normalized before being processed. Additionally, outline the exact text of the rule, including examples of allowed and disallowed patterns, and explain how this rule can be integrated into the existing security framework. Ensure that the rule is clear and can be easily understood by developers implementing it.
Define Input Validation Standards
Help me define a set of input validation standards to enforce strong security practices in my application. The standards should cover: acceptable data types for user inputs, length restrictions for various fields, specific patterns for formats like email addresses and phone numbers, and guidelines for handling unexpected or malicious input. Additionally, include examples of valid and invalid inputs for each standard, and suggest best practices for implementing these rules in code. Format the response as a detailed markdown document that I can reference during development.
Set Output Encoding Guidelines
Please create a detailed guideline for output encoding that can be included in a CLAUDE.md document. The guideline should cover the importance of output encoding in preventing security vulnerabilities, specify the types of output encoding that should be used for different contexts (such as HTML, JavaScript, and URL encoding), and provide examples of correct and incorrect encoding practices. Additionally, include recommendations for regular audits and updates to these guidelines to ensure they remain effective. Format the output as a clear, structured document with headings and bullet points for easy reference.
Claude Code may generate SQL queries without using parameterized queries or prepared statements, leading to SQL injection risks. Always review generated SQL code for safe practices.
XSS vulnerabilities can occur if Claude Code generates HTML/JS without proper escaping or sanitization. Ensure all user inputs are sanitized and outputs are encoded.
Path traversal issues arise if Claude Code generates file handling code that manipulates file paths unsafely. Validate and sanitize all file paths in your code.
Review the input handling code generated by Claude Code and apply strict validation rules. Use CLAUDE.md to enforce consistent validation practices.
Ensure that all outputs, especially those involving user data, are properly encoded. Use CLAUDE.md to set guidelines for consistent output encoding.
AI Prompts for Identifying Security Vulnerabilities in Code
Generated code may introduce SQL injection, XSS, or path traversal vulnerabilities, which can compromise application security.
See promptsAI Prompts for Preventing Security Vulnerabilities in Code
The generated code is introducing SQL injection, XSS, or path traversal vulnerabilities, which can compromise application security.
See promptsAI Prompts for Resolving Conflicting API Routes
Claude Code sometimes generates API endpoints or page routes that conflict with existing ones, causing errors in routing configuration.
See prompts