Security Testing Prompts

This section provides prompts designed to help you create effective security test scenarios using AI. They are structured so that the generated tests cover system security thoroughly and include a vulnerability assessment.

Basic Security Test Generation

Prompt Template

Generate security test scenarios for:
[System/Feature]: [Brief description]

Security Requirements:
- Authentication: [Requirements]
- Authorization: [Requirements]
- Data Protection: [Requirements]
- Compliance: [Standards]

Test Types:
1. [Test Type 1]
2. [Test Type 2]
...

Please include:
- Test Scenarios
- Test Data
- Security Tools
- Success Criteria
- Risk Assessment

Example Usage

Generate security test scenarios for:
User Authentication System: Login and session management

Security Requirements:
- Authentication: Multi-factor authentication required
- Authorization: Role-based access control
- Data Protection: Encryption at rest and in transit
- Compliance: OWASP Top 10, GDPR

Test Types:
1. Authentication Testing
2. Authorization Testing
3. Session Management
4. Input Validation
5. Security Headers

Please include:
- Test Scenarios
- Test Data
- Security Tools
- Success Criteria
- Risk Assessment
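As an added example (not part of this prompt guide), the Session Management and Security Headers test types from the prompt above written as executable checks: each returns a Finding with a risk level and a remediation step, the shape the Results Analysis and Remediation sections of the Example Output Structure ask for. The required-header policy, the risk ratings and the sample login response are constructed assumptions, not values from the page.

```python
# Added example (not the prompt guide's own code): executable form of the Session Management
# and Security Headers test types from the example prompt. Policy and sample data are constructed.
from typing import NamedTuple

class Finding(NamedTuple):
    test: str
    passed: bool
    risk: str          # "High", "Medium" or "Low"
    remediation: str

# Headers a login response must carry, with the risk if absent (assumed policy)
REQUIRED_HEADERS = {
    "strict-transport-security": ("High", "Send HSTS so browsers refuse plain HTTP"),
    "content-security-policy": ("Medium", "Define a CSP that restricts script sources"),
    "x-frame-options": ("Medium", "Set X-Frame-Options: DENY (or CSP frame-ancestors)"),
    "x-content-type-options": ("Low", "Set X-Content-Type-Options: nosniff"),
}

def check_security_headers(headers: dict) -> list:
    present = {k.lower() for k in headers}
    return [Finding(f"header:{name}", name in present, risk, fix)
            for name, (risk, fix) in REQUIRED_HEADERS.items()]

def check_session_cookie(set_cookie: str) -> list:
    # Parse "name=value; Attr; Attr=value" into a case-insensitive attribute map
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip().lower()
    checks = [("Secure", "secure" in attrs, "High", "Send the session cookie only over TLS"),
              ("HttpOnly", "httponly" in attrs, "High", "Keep the session cookie out of page scripts"),
              ("SameSite", attrs.get("samesite") in ("lax", "strict"), "Medium",
               "Set SameSite=Lax or Strict to limit cross-site requests")]
    return [Finding(f"cookie:{name}:{c}", ok, risk, fix) for c, ok, risk, fix in checks]

def assess(headers: dict) -> dict:
    # Run both test types over a response header map and count failures per risk level
    cookie = next((v for k, v in headers.items() if k.lower() == "set-cookie"), "")
    findings = check_security_headers(headers) + check_session_cookie(cookie)
    failed = [f for f in findings if not f.passed]
    return {"failed": failed, "by_risk": {r: sum(f.risk == r for f in failed) for r in ("High", "Medium", "Low")}}

# Constructed sample: HSTS and nosniff present, CSP and X-Frame-Options missing, cookie lacks HttpOnly/SameSite
SAMPLE_RESPONSE = {
    "Strict-Transport-Security": "max-age=31536000",
    "X-Content-Type-Options": "nosniff",
    "Set-Cookie": "session=abc123; Path=/; Secure",
}
```

Running `assess(SAMPLE_RESPONSE)` reports one High and three Medium failures; a response with no Set-Cookie header fails all three cookie checks, which is the right outcome for a login endpoint.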

Advanced Security Testing

Penetration Testing

Generate penetration test scenarios for:
[System/Feature]: [Description]

Focus Areas:
1. Network Security
2. Application Security
3. Data Security
4. Access Control
5. Compliance

Include:
- Test Scenarios
- Tools Required
- Success Criteria
- Risk Levels
- Remediation Steps

Vulnerability Assessment

Generate vulnerability assessment scenarios for:
[System/Feature]: [Description]

Assessment Areas:
1. OWASP Top 10
2. Common Vulnerabilities
3. Security Misconfigurations
4. Data Exposure
5. Access Control Issues

Include:
- Test Cases
- Scanning Tools
- Analysis Methods
- Risk Assessment
- Mitigation Steps

Best Practices

When using these prompts:
  1. Follow Security Standards
    • OWASP guidelines
    • Industry standards
    • Compliance requirements
    • Security best practices
  2. Use Appropriate Tools
    • Security scanners
    • Penetration testing tools
    • Code analysis tools
    • Monitoring tools
  3. Document Findings
    • Vulnerabilities
    • Risk levels
    • Impact assessment
    • Remediation steps
  4. Maintain Security
    • Regular updates
    • Security patches
    • Access reviews
    • Compliance checks

Tips for Better Results

  1. Start with Assessment
    • Security baseline
    • Risk assessment
    • Compliance check
    • Tool selection
  2. Plan Test Approach
    • Test scope
    • Test methods
    • Resource allocation
    • Timeline
  3. Execute Tests
    • Follow methodology
    • Document findings
    • Assess impact
    • Prioritize issues
  4. Report Results
    • Findings
    • Risk levels
    • Recommendations
    • Action items

Common Pitfalls to Avoid

  1. Incomplete Coverage
    • ❌ “Test security”
    • ✅ “Test OWASP Top 10 vulnerabilities, authentication, authorization, and data protection”
  2. Missing Tools
    • ❌ “Manual testing”
    • ✅ “Use security scanners, penetration testing tools, and code analysis tools”
  3. Poor Documentation
    • ❌ “Found vulnerabilities”
    • ✅ “Documented vulnerabilities with risk levels, impact, and remediation steps”
  4. Inadequate Follow-up
    • ❌ “Fixed issues”
    • ✅ “Verified fixes, updated security controls, and documented changes”

Example Output Structure

Security Test Plan: User Authentication
Version: 1.0
Date: [Current Date]

1. Security Requirements
   - Authentication
   - Authorization
   - Data Protection
   - Compliance

2. Test Scenarios
   - Authentication Tests
   - Authorization Tests
   - Session Management
   - Input Validation
   - Security Headers

3. Test Environment
   - Security Tools
   - Test Data
   - Monitoring Setup
   - Access Requirements

4. Test Execution
   - Test Steps
   - Tools Used
   - Data Requirements
   - Success Criteria

5. Results Analysis
   - Vulnerabilities
   - Risk Assessment
   - Impact Analysis
   - Recommendations

6. Remediation
   - Fixes Required
   - Priority Levels
   - Implementation Steps
   - Verification