Search the best prompts from our community
Discover the most effective Security prompts. High-quality templates curated by experts to help you get professional AI results.
Design KYC/AML compliance verification flow. Steps: 1. User document upload (Passport/ID). 2. Optical Character Recognition (OCR) data extraction. 3. Face liveness detection (biometrics). 4. Sanctions screening (OFAC, PEPs). 5. Address verification service (AVS). 6. Risk scoring model implementation...
Secure your applications against common vulnerabilities. OWASP Top 10: 1. Injection (SQL, NoSQL, OS commands - use parameterized queries). 2. Broken Authentication (implement MFA, secure password storage with bcrypt). 3. Sensitive Data Exposure (encrypt data at rest and in transit, HTTPS). 4. XML Ex...
Develop comprehensive penetration testing plan. Stages: 1. Scope definition and rules of engagement. 2. Reconnaissance and information gathering (OSINT). 3. Vulnerability scanning (automated tools). 4. Exploitation phase (SQLi, XSS, privilege escalation). 5. Post-exploitation and lateral movement. 6...
Architect HIPAA-compliant patient data storage system. Requirements: 1. Data encryption at rest (AES-256). 2. Data encryption in transit (TLS 1.3). 3. Role-Based Access Control (RBAC). 4. Audit logging of all access events. 5. Business Associate Agreement (BAA) with cloud provider. 6. Automated back...
Conduct Solidity smart contract security audit. Checklist: 1. Reentrancy vulnerability check. 2. Integer overflow/underflow analysis. 3. Access control verification (modifiers). 4. Gas optimization review. 5. External call safety. 6. Front-running mitigation. 7. Logic error detection. 8. Test covera...
Optimize Docker images using multi-stage builds. Techniques: 1. Separate build and runtime stages. 2. Use slim base images (alpine, distroless). 3. Leverage layer caching with proper ordering. 4. Copy only necessary artifacts to final stage. 5. Use .dockerignore to exclude files. 6. Run as non-root ...
Implement HashiCorp Vault for secrets management. Configuration: 1. Initialize and unseal Vault cluster. 2. Enable authentication methods (AppRole, Kubernetes). 3. Create policies for least-privilege access. 4. Store secrets (database credentials, API keys). 5. Dynamic secrets for databases (auto-ro...
Validate and sanitize user input. Techniques: 1. Whitelist allowed input. 2. Validate data types and formats. 3. Length restrictions. 4. Regex for pattern matching. 5. Sanitize HTML to prevent XSS. 6. Parameterized queries for SQL injection. 7. Validate on client AND server. 8. Contextual output enc...
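The injection and XSS items in the OWASP prompt above and the validation checklist in this one describe the same two controls: allowlist validation at the input boundary, and encoding chosen by the output context (or a parameterized query when the context is SQL). The following is an added Node.js example, not code from the prompt library; the function names (validateUsername, escapeHtml, buildUserQuery) and the parameterized-query shape are illustrative.

```javascript
// Added example, not from the prompt library: allowlist validation at the
// boundary, then encoding chosen by the output context. Function names are
// illustrative; the query object shape mirrors what node-postgres accepts.

// Items 1-4: allowlist, type, format and length in one anchored regex.
// The anchors matter: without ^ and $, "alice<script>" would pass on a prefix match.
const USERNAME_RE = /^[a-z0-9_]{3,20}$/;

function validateUsername(input) {
  if (typeof input !== 'string') return { ok: false, reason: 'not a string' };
  if (!USERNAME_RE.test(input)) return { ok: false, reason: 'charset or length' };
  return { ok: true, value: input };
}

// Items 5 and 8: encoding for the HTML body context. Encoding rather than
// stripping keeps the user's text intact while making it inert. A different
// sink (URL, JavaScript string, unquoted attribute) needs a different encoder.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};
function escapeHtml(s) {
  return String(s).replace(/[&<>"'\/]/g, (c) => HTML_ESCAPES[c]);
}
function renderComment(comment) {
  return `<p class="comment">${escapeHtml(comment)}</p>`;
}

// Item 6: the vulnerable form and the parameterized form side by side.
// String concatenation lets a quote in the input change the query's structure.
function unsafeUserQuery(username) {
  return `SELECT id, name FROM users WHERE name = '${username}'`;
}
// With a parameterized query the value travels separately from the SQL text,
// so the driver never parses it as SQL.
function buildUserQuery(username) {
  return { text: 'SELECT id, name FROM users WHERE name = $1', values: [username] };
}
```

Validation rejects what is clearly not a username; encoding protects the cases where validation must accept quotes and angle brackets (a free-text comment), which is why item 8 is separate from item 1 and why both run on the server regardless of what the client checked.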
Scan for security vulnerabilities. Tools: 1. SAST (Snyk, SonarQube) for code analysis. 2. DAST for runtime scanning. 3. Dependency scanning (npm audit, Dependabot). 4. Secret detection (GitGuardian). 5. Container scanning. 6. Infrastructure as Code scanning. Integrate in CI/CD. Fix critical issues i...
Protect APIs with rate limiting. Strategies: 1. Fixed window (requests per minute). 2. Sliding window for smoother limits. 3. Token bucket for burst handling. 4. Leaky bucket for consistent rate. 5. Per-user vs global limits. 6. Redis for distributed rate limiting. 7. Return 429 with Retry-After hea...
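Strategies 3, 5 and 7 above fit together in one component: a per-key token bucket that allows a burst up to its capacity, refills at the sustained rate, and turns a rejection into a 429 with a Retry-After header. The following is an added Node.js example, not code from the prompt library; the class and function names are illustrative, and the clock is injectable so the behaviour can be checked deterministically (in production it defaults to Date.now).

```javascript
// Added example, not from the prompt library: a per-key token bucket (strategy 3)
// with the 429 / Retry-After response from strategy 7. Names are illustrative.

class TokenBucketLimiter {
  // capacity: burst size; refillPerSec: sustained rate once the burst is spent.
  constructor({ capacity, refillPerSec, now = () => Date.now() }) {
    this.capacity = capacity;
    this.refillPerSec = refillPerSec;
    this.now = now;
    this.buckets = new Map(); // key -> { tokens, lastMs }
  }

  // Returns { allowed: true } or { allowed: false, retryAfterSec }.
  check(key) {
    const nowMs = this.now();
    let b = this.buckets.get(key);
    if (!b) {
      b = { tokens: this.capacity, lastMs: nowMs };
      this.buckets.set(key, b);
    }
    // Lazy refill: credit the time elapsed since the last call, capped at capacity,
    // so no timer is needed per key.
    const elapsedSec = Math.max(0, nowMs - b.lastMs) / 1000;
    b.tokens = Math.min(this.capacity, b.tokens + elapsedSec * this.refillPerSec);
    b.lastMs = nowMs;
    if (b.tokens >= 1) {
      b.tokens -= 1;
      return { allowed: true };
    }
    // Seconds until one whole token is available, rounded up for the header.
    const retryAfterSec = Math.ceil((1 - b.tokens) / this.refillPerSec);
    return { allowed: false, retryAfterSec };
  }
}

// Strategy 5: key per authenticated user, falling back to client IP.
// Maps the limiter decision to an HTTP response shape (status + headers).
function rateLimitResponse(limiter, req) {
  const key = req.userId ? `user:${req.userId}` : `ip:${req.ip}`;
  const r = limiter.check(key);
  if (r.allowed) return { status: 200, headers: {} };
  return { status: 429, headers: { 'Retry-After': String(r.retryAfterSec) } };
}
```

The Map keeps state in one process; the same arithmetic runs unchanged on a shared store such as Redis (strategy 6) once the read-refill-decrement step is made atomic, for example in a Lua script, otherwise two API nodes can both spend the last token.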
Implement JWT auth securely. Flow: 1. User login with credentials. 2. Server validates and creates JWT. 3. Client stores JWT (httpOnly cookie or memory). 4. Include JWT in Authorization header. 5. Server verifies signature and claims. 6. Refresh tokens for long sessions. 7. Token expiration and rene...
Create a regular expression to validate a strong password. The password must be at least 8 characters long, contain at least one uppercase letter, one lowercase letter, one number, and one special character (e.g., !, @, #, $). Explain the different parts of the regex.
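A worked answer to this prompt, added here as an example and not taken from the prompt library: the regex is built from four lookaheads plus a length check, and the same rules are kept separately so a caller can report which one failed. Function and constant names are illustrative. One caveat a practitioner would add: NIST SP 800-63B advises against composition rules of this kind in favour of a minimum length and a check against known-breached passwords, so treat the regex as what the prompt asks for rather than as a recommended policy.

```javascript
// Added example, not from the prompt library. Names are illustrative.

// Each lookahead (?=...) asserts "somewhere ahead there is X" without consuming
// input, so the rules can be checked in any order from the same position.
const RULES = {
  lowercase: /(?=.*[a-z])/,
  uppercase: /(?=.*[A-Z])/,
  digit: /(?=.*[0-9])/,
  special: /(?=.*[!@#$%^&*()\-_=+\[\]{}|;:'",.<>\/?])/,
  minLength: /^.{8,}$/, // ^ and $ anchor the length check to the whole string
};

// Combined form: ^ pins all four lookaheads to the start of the string, then
// .{8,}$ consumes the whole password and enforces the minimum length.
const STRONG_PASSWORD_RE =
  /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#$%^&*()\-_=+\[\]{}|;:'",.<>\/?]).{8,}$/;

// Returns { ok, failed: [rule names] } so the UI can say what is missing
// instead of a bare "weak password".
function checkPassword(pw) {
  if (typeof pw !== 'string') return { ok: false, failed: ['not a string'] };
  const failed = Object.entries(RULES)
    .filter(([, re]) => !re.test(pw))
    .map(([name]) => name);
  const ok = failed.length === 0;
  // The per-rule set and the combined regex must agree; a mismatch means the
  // character classes drifted apart during an edit.
  if (ok !== STRONG_PASSWORD_RE.test(pw)) {
    throw new Error('rule set and combined regex disagree');
  }
  return { ok, failed };
}
```

Because `.` does not match a newline and `$` in JavaScript matches only at the end of input, a password containing a line break fails the length rule in both forms, which keeps the two checks consistent.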
I accidentally committed sensitive data to my last commit and pushed it to the remote repository. What are the Git commands I need to use to completely remove the sensitive file from the repository's history? Explain each step of the process.
Analyze the following PHP code snippet for common security vulnerabilities like SQL Injection, Cross-Site Scripting (XSS), or Insecure Direct Object References. Explain where the vulnerabilities are and how to fix them.
What is the best practice for managing environment variables (e.g., API keys, database passwords) in a Node.js project? Explain the use of `.env` files and the `dotenv` package. Provide an example of how to load and access variables from a `.env` file.
Explain the structure of a JSON Web Token (JWT). What are the three parts (Header, Payload, Signature)? What information is typically stored in the payload? How is the signature used to verify the token's authenticity? Provide an example of a decoded JWT payload.
Write a transparent security breach notification. Must include: 1. Clear statement that breach occurred. 2. What data was compromised. 3. What data was NOT affected. 4. Timeline of discovery and response. 5. Immediate actions taken to secure systems. 6. Required customer actions (password reset, mon...
Request payment method update. Communication: 1. Explain why update is needed (expiration, decline). 2. Provide secure update link. 3. Assure data security measures. 4. Set deadline to avoid service interruption. 5. List accepted payment methods. 6. Offer assistance if they have trouble. 7. Confirm ...
Build an anomaly detection system for transaction fraud. Approach: 1. Use Isolation Forest for unsupervised outlier detection. 2. Engineer features (transaction amount, time of day, location distance). 3. Set contamination parameter based on historical fraud rate. 4. Generate anomaly scores and flag...