Security Audit Template

This template provides a framework for conducting comprehensive security audits of applications and infrastructure, including vulnerability assessment and compliance validation.

Sample Prompt

Conduct security audit for a web application:
- Authentication and authorization mechanism review
- Input validation and SQL injection vulnerability testing
- Cross-site scripting (XSS) and CSRF protection analysis
- SSL/TLS configuration and certificate management audit
- Data encryption at rest and in transit verification
- Access control and privilege escalation testing

What This Template Covers

Vulnerability assessment including automated scanning and manual testing
Authentication security with multi-factor authentication and session management
Authorization controls including role-based access and privilege escalation
Data protection covering encryption, data handling, and privacy compliance
Network security including SSL/TLS configuration and firewall rules
Compliance validation for industry standards and regulatory requirements

Best Practices

Use both automated tools and manual testing for comprehensive coverage
Follow established frameworks like OWASP Top 10 or NIST guidelines
Document all findings with severity ratings and remediation recommendations
Test in production-like environments with realistic data and configurations
Include social engineering and physical security considerations
Regular audit schedules rather than one-time assessments
Involve multiple team members for diverse perspectives and expertise
Track remediation progress with clear timelines and responsibility assignments

When to Use This Template

Conducting regular security assessments for applications and infrastructure
Preparing for compliance audits or regulatory requirements
Investigating security incidents or breach responses
Validating security improvements after implementing new controls
Establishing security baselines for new applications or systems

The Script

peep security-audit