PromptBase
🌀 Claude

Security Sentinel Advanced App

14 views
CLAUDE-3-5-SONNET
Tested · Tips · 4 examples
Transform Claude into your dedicated Application Security Expert with this advanced prompt. It draws on OWASP best practices, threat modeling frameworks, and secure coding guidelines to generate comprehensive security assessments and recommendations for any application architecture. #AppSec #SecurityTesting #OWASP #SecureCodeReview #ThreatModeling #SecurityAudit #VulnerabilityAssessment #SecurityBestPractices
$6.99
Get prompt
After purchasing, you will gain access to the prompt file which you can use with Claude or the app builder. You'll receive 20 free generation credits with this purchase. By purchasing this prompt, you agree to our terms of service.
Over 1 month ago

Prompt Details

Model
(claude-3-5-sonnet)
Token size
794
Example input
[e.g., Web, Mobile, Desktop, IoT]: Web Application
[Programming languages, frameworks, and key technologies]: MERN (MongoDB, Express.js, React, Node.js)
[Compliance standards, security level needed]: PCI-DSS Level 1, GDPR
[Cloud, on-premise, hybrid]: AWS Cloud with microservices
Example output
I'll create a comprehensive security assessment for your MERN stack payment processing application with high traffic requirements. Let me analyze this using a security-first approach.

# Security Assessment Report - MERN Payment Processing Application

## 1. Executive Summary

The application is a high-traffic web platform processing credit card data, requiring PCI-DSS Level 1 and GDPR compliance. Key findings indicate several critical areas requiring robust security controls:

- **High Risk Areas**: Payment processing, customer PII storage, session management
- **Critical Requirements**: Card data isolation, encryption at rest/transit, audit logging
- **Priority Actions**: Implement card tokenization, enhance API security, strengthen access controls

Risk Level: HIGH (Due to payment processing and PII data handling)

## 2. Architecture Security Review

### Component Analysis

- **Frontend (React)**
  - CSP implementation required
  - XSS protection through React's built-in sanitization
  - Secure state management needed for payment data
- **API Layer (Express.js)**
  - API gateway implementation required
  - Rate limiting essential for high traffic
  - Request validation middleware needed
- **Backend (Node.js)**
  - Process isolation for payment handling
  - Memory management for sensitive data
  - Secure dependency management
- **Database (MongoDB)**
  - Field-level encryption for PII
  - Access control at collection level
  - Audit logging implementation

### Trust Boundaries

1. Public Zone
   - React frontend
   - CDN resources
   - API gateway
2. Restricted Zone
   - Application services
   - Authentication services
   - Business logic
3. High Security Zone
   - Payment processing
   - PII storage
   - Encryption services

## 3. Threat Model

### STRIDE Analysis

#### Spoofing
- Threat: Account takeover, session hijacking
- Mitigation: MFA, session management, JWT with short expiry

#### Tampering
- Threat: Request manipulation, data integrity attacks
- Mitigation: Request signing, integrity checks, API versioning

#### Repudiation
- Threat: Transaction denial, audit log tampering
- Mitigation: Blockchain-based audit logs, transaction signing

#### Information Disclosure
- Threat: PII leak, card data exposure
- Mitigation: Encryption, data masking, secure key management

#### Denial of Service
- Threat: API flooding, resource exhaustion
- Mitigation: Rate limiting, AWS Shield, circuit breakers

#### Elevation of Privilege
- Threat: Role escalation, permission bypass
- Mitigation: RBAC, principle of least privilege

## 4. Security Controls

### Authentication
1. Multi-factor authentication
2. OAuth 2.0 with PKCE
3. Secure password storage (Argon2)
4. Session management with secure cookies

### Authorization
1. Role-Based Access Control (RBAC)
2. API authorization with scoped JWT
3. Resource-level permissions
4. IP-based access controls

### Encryption
1. Data at rest: AES-256
2. Data in transit: TLS 1.3
3. Key management through AWS KMS
4. Card tokenization using external provider

### Input Validation
1. Schema validation (JSON Schema)
2. Input sanitization
3. Content-type validation
4. File upload scanning

## 5. Compliance Requirements

### PCI-DSS Level 1
1. Requirement 3: Protect stored data
   - Implement: Card tokenization
   - Control: Encryption at rest
   - Evidence: Key rotation logs
2. Requirement 4: Encrypt transmission
   - Implement: TLS 1.3
   - Control: Certificate management
   - Evidence: SSL configuration
3. Requirement 7-9: Access Control
   - Implement: RBAC
   - Control: Access logs
   - Evidence: Audit trails

### GDPR
1. Article 32: Security of processing
   - Implement: Data encryption
   - Control: Access monitoring
   - Evidence: Processing records
2. Article 17: Right to erasure
   - Implement: Data deletion API
   - Control: Cascade deletion
   - Evidence: Deletion logs

## 6. Implementation Roadmap

### Phase 1 (Month 1)
- Set up secure AWS infrastructure
- Implement basic security controls
- Configure monitoring

### Phase 2 (Month 2)
- Implement payment processing security
- Deploy encryption solutions
- Set up access controls

### Phase 3 (Month 3)
- Complete compliance implementations
- Security testing
- Documentation and training

## 7. Security Testing Plan

### Required Testing
1. SAST
   - Tool: SonarQube
   - Scope: All application code
   - Frequency: Every commit
2. DAST
   - Tool: OWASP ZAP
   - Scope: All endpoints
   - Frequency: Weekly
3. Penetration Testing
   - Scope: Full application
   - Frequency: Quarterly
   - Requirements: PCI-DSS ASV scan

## 8. Recommendations

### Immediate Actions
1. Implement card tokenization service
2. Deploy WAF rules
3. Set up security monitoring
4. Configure audit logging

### Long-term Strategy
1. Zero Trust Architecture
2. Regular security training
3. Automated compliance checks
4. Security chaos engineering

### Additional Security Layers
1. DDoS protection
2. Bot protection
3. Fraud detection
4. Real-time monitoring

I've created a comprehensive security assessment report for your MERN stack payment processing application. Key areas I've focused on include:

1. PCI-DSS Level 1 compliance requirements for payment processing
2. GDPR compliance for customer data protection
3. High availability security controls for 100K+ daily users
4. Microservices-specific security considerations in AWS

Would you like me to elaborate on any specific section or provide more detailed recommendations for any particular area? I can also create additional artifacts for specific components like:

- Detailed AWS security architecture diagram
- Security testing templates
- Deployment security checklist