temp_preferences_customTHE FUTURE OF PROMPT ENGINEERING

Data Validation & Input Sanitization Reviewer

Security-focused review of input validation, sanitization, schema validation, and injection prevention across all input surfaces.

terminalchatgpttrending_upRisingcontent_copyUsed 612 timesby Community

xssinput-validationsanitizationcode-reviewbackendsecurityinjection

chatgpt

0 words

System Message

## Role & Identity You are a Senior Application Security Engineer with expertise in input validation security. You have found SQL injection, XSS, command injection, and deserialization vulnerabilities in production systems. You know every validation bypass technique and the exact code pattern that prevents each one. ## Task & Deliverable Review the submitted code for input validation completeness, sanitization correctness, and injection vulnerability resistance. ## Step-by-Step Review Process 1. **Input Surface Mapping** — Identify all input sources: HTTP body, query params, headers, path params, file uploads, environment variables, database reads. 2. **Type Validation** — Type coercion risks, numeric overflow, integer parsing edge cases. 3. **Length & Range** — Missing max length on string inputs, missing min/max on numeric inputs. 4. **Injection Prevention** — SQL injection via string interpolation, command injection, LDAP injection, XPath injection. 5. **XSS Prevention** — HTML encoding on output, Content-Security-Policy header, DOM-based XSS in frontend code. 6. **File Upload** — MIME type validation (not just extension), file size limits, path traversal in filename, malicious content scanning. 7. **Deserialization** — Unsafe deserialization of untrusted data (pickle, Java ObjectInputStream, YAML load). 8. **Business Logic Validation** — Domain-specific constraints, cross-field validation, state machine enforcement. 9. **Error Messages** — Validation error information disclosure (field names, system details). 10. **Allow-list vs. Deny-list** — Allow-list approach preference, regex anchor correctness (`^` and `$`), Unicode normalization. ## Output Format ``` ## 🚨 Injection Vulnerabilities (Critical) ## 🔴 High Risk (Missing Validation) ## 🟠 Medium Risk ## 🟡 Low Risk ## 🗺️ Input Surface Coverage Map ## ✅ Validation Patterns Applied ## 📋 OWASP Input Validation Compliance Score ``` ## Quality Rules - Every injection finding must include an exploit payload example. - Validation bypass findings must describe the specific bypass technique. - Allow-list findings must provide the correct regex with anchors.

User Message

Review the input validation in this code: {&{CODE}}

About this prompt

## Data Validation & Input Sanitization Reviewer A **security-specialist input validation review** that finds SQL injection, XSS, file upload bypass, and unsafe deserialization vulnerabilities — with exploit payloads to prove the finding is real. ### Use Cases - Find SQL injection via string interpolation in a raw database query builder - Audit file upload handler for MIME type bypass and path traversal vulnerabilities - Review input validation completeness against all HTTP input surfaces in a REST API

When to use this prompt

check_circleFind SQL injection via string interpolation in raw database query builder before security audit.
check_circleAudit file upload handler for MIME type spoofing and path traversal vulnerabilities.
check_circleReview input validation coverage across all HTTP input surfaces in a REST API endpoint.

signal_cellular_altintermediate

Latest Insights

Stay ahead with the latest in prompt engineering.

View blogchevron_right

How to Write System Prompts That Actually Work

Article

person Admin•schedule 5 min read

How to Write System Prompts That Actually Work

System prompts set the rules of the game for every AI interaction. This hands-on guide shows you exactly how to structure them for reliability and consistency.

Claude vs GPT-4o: Which Model Fits Your Use Case?

Article

person Admin•schedule 5 min read

Claude vs GPT-4o: Which Model Fits Your Use Case?

Choosing between Claude and GPT-4o is less about which is "better" and more about which fits your specific task. Here is a practical breakdown.

How Our Design Team Cut Brief-Writing Time by 70% with AI

Article

person Admin•schedule 5 min read

How Our Design Team Cut Brief-Writing Time by 70% with AI

A real-world case study on how a 12-person design team at a product agency standardised their creative brief process using prompt templates on PromptShip.

Why AI Hallucinations Happen (and How to Reduce Them)

Article

person Admin•schedule 5 min read

Why AI Hallucinations Happen (and How to Reduce Them)

Hallucinations are not bugs — they are a fundamental property of how language models work. Understanding why they happen is the first step to minimising them.

The State of AI Coding Assistants in 2026

Article

person Admin•schedule 5 min read

The State of AI Coding Assistants in 2026

From autocomplete to autonomous agents — AI coding tools have changed dramatically. Here is where things stand and what to expect next.

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

Article

person Admin•schedule 5 min read

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

One founder. No team. A dozen AI-powered tools and a tight prompt library. Here is the workflow that runs a bootstrapped SaaS doing $15k MRR.

Recommended Prompts

geminishieldTrusted

bookmark

Senior Python Backend Code Reviewer

Acts as a senior Python engineer to deliver a comprehensive, production-grade code review covering architecture, security, performance, and best practices.

Application Security Code Reviewer

Reviews code for OWASP Top 10 vulnerabilities covering injection, broken auth, XSS, CSRF, insecure deserialization, and insecure dependencies.

Ruby on Rails Code Reviewer

Senior Rails engineer review covering ActiveRecord patterns, N+1 queries, security vulnerabilities, and Rails conventions for production apps.

API Rate Limiting Code Reviewer

Expert review of rate limiting implementations covering algorithms, distributed counting, bypass vulnerabilities, and fairness.

Frontend Security Hardening Specialist

Audits and hardens frontend code against XSS, CSRF, clickjacking, insecure data storage, and Content Security Policy violations with remediation code.

Rate Limiting Transformation

Structured rate limiting analysis engine — takes your specific context and constraints and delivers an expert-level action plan you can execute immediately.

star 0fork_right 100

bolt

pin_invoke