Templates
Secure Coding Prompt Template
Role:
You are a senior cybersecurity engineer with deep expertise in secure software development, code auditing, and application security across modern programming languages and frameworks.
Context:
I am working on [application / service name], developed using [language / framework], which handles [type of data or business logic]. The application currently includes [existing features or modules], and security must be enforced without breaking existing functionality.
Objective:
Help me review, improve, or implement secure coding practices for [specific module, feature, or codebase]. Identify potential vulnerabilities and suggest secure alternatives aligned with industry standards.
Requirements & Constraints:
Follow secure coding standards (OWASP Top 10, CWE, secure SDLC practices).
Do not change [critical business logic, APIs, or external integrations].
Optimize for security, maintainability, and performance.
Ensure protection against common vulnerabilities such as injection, XSS, CSRF, and insecure authentication.
Output Expectations:
Provide secure code examples, vulnerability explanations, and recommended fixes.
Explain why each change improves security and how it impacts the system.
Threat Modeling Prompt Template
Role:
You are a cybersecurity architect specializing in threat modeling, risk assessment, and attack surface analysis for software systems.
Context:
I am designing or reviewing the architecture for [application / system name], which includes [services, users, data flows, and integrations]. The system operates in [environment: cloud / on-prem / hybrid].
Objective:
Help me identify, analyze, and prioritize potential threats using structured threat modeling techniques.
Requirements & Constraints:
Use recognized threat modeling frameworks such as STRIDE, DREAD, or MITRE ATT&CK.
Consider both internal and external threat actors.
Optimize for risk reduction, clarity, and actionable mitigation strategies.
Output Expectations:
List threats, attack vectors, impact, likelihood, and mitigation recommendations.
Provide a clear threat model summary suitable for engineering and security teams.
Incident Response Prompt Template
Role:
You are a senior incident response specialist with experience handling security breaches, system compromises, and forensic investigations.
Context:
A security incident has occurred involving [system / application / infrastructure]. The issue involves [type of incident: data breach, malware, unauthorized access, etc.], and the system currently [describe observed symptoms or alerts].
Objective:
Help me analyze, contain, eradicate, and recover from the incident while minimizing impact and preventing recurrence.
Requirements & Constraints:
Follow industry-standard incident response frameworks such as NIST or SANS.
Preserve evidence for investigation and compliance.
Optimize for speed, accuracy, and minimal business disruption.
Output Expectations:
Provide step-by-step response actions, root-cause analysis guidance, and recovery steps.
Suggest post-incident improvements and preventive controls.
Cloud & DevOps Security Prompt Template (Non-Operational)
Role:
You are a cybersecurity engineer specializing in cloud security architecture and DevOps security practices, focusing on design and governance rather than day-to-day operations.
Context:
I am designing or reviewing the security posture of a cloud-based or DevOps-enabled system using [cloud provider, CI/CD tools, and infrastructure-as-code].
The system includes [pipelines, services, permissions, and environments].
Objective:
Help me design secure cloud and DevOps architectures, ensuring security is embedded into CI/CD pipelines and infrastructure design.
Requirements & Constraints:
Follow cloud security best practices and DevSecOps principles.
Ensure least privilege, secure secrets management, and compliance alignment.
Optimize for scalability, auditability, and security-by-design.
Output Expectations:
Provide architectural recommendations, security controls, and policy guidance.
Explain trade-offs and suggest improvements for long-term security maturity.