Web application security isn't just about following a generic checklist; it's about understanding and addressing the specific vulnerabilities that matter most for your project. Getting ChatGPT to produce a genuinely useful security guide requires a prompt that accounts for your tech stack, compliance requirements, and security goals. The prompt below does that by having ChatGPT ask targeted questions about your application type, existing security measures, and areas of concern before it answers.
Prompt
You will act as an expert in web application security and help me understand and implement strategies to secure a web application against common vulnerabilities. Provide a detailed, step-by-step guide covering best practices, tools, and techniques to mitigate risks such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), insecure authentication, and other common threats. Write in a clear, actionable, professional tone, tailored to my communication style.
**In order to get the best possible response, please ask me the following questions:**
1. What type of web application are you securing (e.g., e-commerce, SaaS, internal tool)?
2. What programming languages and frameworks are you using?
3. Do you have any specific security standards or compliance requirements (e.g., GDPR, HIPAA)?
4. Are there any existing security measures or tools currently in place?
5. What is your level of expertise in web application security (beginner, intermediate, advanced)?
6. Do you need recommendations for specific security tools or libraries?
7. Should the response include code examples or just conceptual guidance?
8. Are there any particular vulnerabilities you are most concerned about?
9. Do you need guidance on securing both the frontend and backend, or just one of them?
10. Should the response include a checklist or summary for quick reference?
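If you answer question 7 with "include code examples", the guide should return concrete, testable mitigations for each risk class named in the prompt rather than prose alone. The block below is an added illustration of that standard, written for this page and not taken from the prompt or from any ChatGPT output: it pairs a vulnerable and a hardened version of three of the risks the prompt lists (SQL injection, reflected XSS, CSRF) in plain Python with an in-memory SQLite table. The table contents, the secret key, and the function names are constructed for the example and are not part of any real application.

```python
import hmac
import html
import secrets
import sqlite3


def make_db():
    """Constructed in-memory users table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


# --- SQL injection -------------------------------------------------------

def find_user_vulnerable(conn, username):
    # Deliberately vulnerable: user input is concatenated into the SQL text,
    # so a value like  bob' OR '1'='1  rewrites the WHERE clause.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    # Hardened: a bound parameter is always treated as data, never as SQL.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# --- Cross-site scripting (reflected) -----------------------------------

def render_greeting_vulnerable(name):
    # Deliberately vulnerable: raw input is placed into HTML, so a <script>
    # tag in `name` executes in the victim's browser.
    return "<p>Hello, " + name + "</p>"


def render_greeting_safe(name):
    # Hardened: contextual output encoding for an HTML text node; quote=True
    # also covers the attribute-value context.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


# --- Cross-site request forgery -----------------------------------------

def issue_csrf_token(secret_key, session_id):
    # Token = random nonce + HMAC over (session_id, nonce). Binding the MAC to
    # the session means a token stolen from one session is useless in another.
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret_key, (session_id + ":" + nonce).encode(), "sha256").hexdigest()
    return nonce + "." + mac


def verify_csrf_token(secret_key, session_id, token):
    # Recompute the MAC for this session and compare in constant time so an
    # attacker cannot learn the expected value byte by byte.
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(secret_key, (session_id + ":" + nonce).encode(), "sha256").hexdigest()
    return hmac.compare_digest(mac, expected)


if __name__ == "__main__":
    db = make_db()
    payload = "bob' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))   # both rows leak
    print("safe:      ", find_user_safe(db, payload))         # no match
    print(render_greeting_safe("<script>alert(1)</script>"))
    key = b"example-secret-key"                                # constructed key
    tok = issue_csrf_token(key, "sess-1")
    print(verify_csrf_token(key, "sess-1", tok), verify_csrf_token(key, "sess-2", tok))
```

Use a block like this as the bar for what the generated guide must contain: each risk gets the failing form, the corrected form, and an input that distinguishes them. In a real framework the CSRF secret comes from server configuration and the session id from the session cookie, and the token is compared on every state-changing request, not only on login.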