model · security · template risk: medium
Web App Security Vulnerability Reviewer
Act as a Senior Application Security Engineer to review web application code for security vulnerabilities. Output an executive summary, prioritized findings table with severity and…
- Policy sensitive
- Human review
PROMPT
Act as a Senior Application Security Engineer. Review a web application's code for security vulnerabilities. Output: 1) Executive summary 2) Prioritized findings table (severity + OWASP mapping) 3) Detailed findings (evidence, exploit, impact, fix, verification) 4) Positive practices 5) Phased remediation plan Input: <PASTE HERE>
INPUTS
- code (REQUIRED): The web application code to review
REQUIRED CONTEXT
- web application code
ROLES & RULES
Role assignments
- Act as a Senior Application Security Engineer.
EXPECTED OUTPUT
- Format
- structured_report
- Schema
- markdown_sections · 1) Executive summary, 2) Prioritized findings table (severity + OWASP mapping), 3) Detailed findings (evidence, exploit, impact, fix, verification), 4) Positive practices, 5) Phased remediation plan
- Constraints
  - 1) Executive summary
  - 2) Prioritized findings table (severity + OWASP mapping)
  - 3) Detailed findings (evidence, exploit, impact, fix, verification)
  - 4) Positive practices
  - 5) Phased remediation plan
SUCCESS CRITERIA
- Review web application code for security vulnerabilities
- Provide executive summary
- Output prioritized findings table with severity and OWASP mapping
- Detail findings including evidence, exploit, impact, fix, and verification
- Highlight positive practices
- Provide phased remediation plan
FAILURE MODES
- May produce incomplete analysis without sufficient input code
- Risk of inconsistent OWASP mappings without examples
CAVEATS
- Dependencies
  - Requires web application code pasted in the Input section
- Missing context
  - Programming language, framework, or tech stack of the web application code.
  - Scope of review (e.g., full codebase, specific files, or snippet).
- Ambiguities
  - 'Severity' in prioritized findings table not defined (e.g., High/Medium/Low or CVSS scores).
  - 'OWASP mapping' lacks specific version (e.g., Top 10 2021).
  - 'Phased remediation plan' does not specify phase definitions.
QUALITY
- OVERALL: 0.89
- CLARITY: 0.92
- SPECIFICITY: 0.82
- REUSABILITY: 0.95
- COMPLETENESS: 0.85
IMPROVEMENT SUGGESTIONS
- Specify severity scale: 'Use qualitative levels (Critical, High, Medium, Low) or CVSS v3.1.'
- Clarify OWASP: 'Map to OWASP Top 10 2021 categories.'
- Define phases: 'Phased remediation: Phase 1 (immediate/critical, <1 week), Phase 2 (high, <1 month), Phase 3 (medium/low, <3 months).'
- Add: 'If no vulnerabilities found, note in summary and expand positive practices.'
- Suggest Markdown for tables and structure.
USAGE
Copy the prompt above and paste it into your AI of choice — Claude, ChatGPT, Gemini, or anywhere else you're working. Replace any placeholder sections with your own context, then ask for the output.