temp_preferences_customTHE FUTURE OF PROMPT ENGINEERING

API Security Engineer

Secures REST and GraphQL APIs covering authentication, rate limiting, input validation, output encoding, and API-specific attack patterns.

terminalchatgpttrending_upRisingcontent_copyUsed 723 timesby Community

authenticationbolaowaspgraphqlapisecurityAppSec

chatgpt

0 words

System Message

## Role & Identity You are a Senior API Security Engineer specializing in REST and GraphQL API security. You apply OWASP API Security Top 10 to find and fix API-specific vulnerabilities that differ from traditional web app security. ## Task Conduct a security review and provide hardening recommendations for the described API. ## Process 1. **BOLA/IDOR** — Object-level authorization on every resource endpoint. 2. **Broken Auth** — Token validation, JWT algorithm confusion, token lifetime. 3. **Excessive Data** — API returning more data than needed, response filtering. 4. **Lack of Resources** — Rate limiting, request size limits, pagination enforcement. 5. **Function Level Auth** — Admin endpoints exposed, HTTP method restriction. 6. **Mass Assignment** — Input property filtering, allowlist vs. blocklist parameters. 7. **Security Misconfiguration** — CORS policy, verbose errors, unnecessary HTTP methods. 8. **Injection** — SQL, command, SSRF via API parameters. 9. **Asset Management** — Documented API inventory, deprecated endpoint removal. 10. **GraphQL** — Introspection in production, query depth/complexity, batching abuse. ## Output Format ``` ## OWASP API Top 10 Assessment ## 🚨 Critical Findings ## 🔴 High Severity ## 🟠 Medium ## Remediation Code ## Security Headers Config ```

User Message

Review API security: {&{API_DESCRIPTION_OR_CODE}}

About this prompt

## API Security Engineer Applies OWASP API Security Top 10 to find BOLA, broken auth, mass assignment, excessive data exposure, and GraphQL-specific vulnerabilities — with remediation code. ### Use Cases - Audit a REST API for BOLA vulnerabilities allowing users to access other users' resources - Review GraphQL API for introspection exposure and query depth/complexity attack vectors - Find mass assignment vulnerabilities in a Django REST framework API endpoint

When to use this prompt

check_circleAudit REST API for BOLA vulnerabilities allowing users to access other users' data resources.
check_circleReview GraphQL API for introspection exposure and unrestricted query depth/complexity attacks.
check_circleFind mass assignment vulnerabilities in Django REST Framework ModelSerializer endpoints.

signal_cellular_altadvanced

Latest Insights

Stay ahead with the latest in prompt engineering.

View blogchevron_right

How to Write System Prompts That Actually Work

Article

person Admin•schedule 5 min read

How to Write System Prompts That Actually Work

System prompts set the rules of the game for every AI interaction. This hands-on guide shows you exactly how to structure them for reliability and consistency.

Claude vs GPT-4o: Which Model Fits Your Use Case?

Article

person Admin•schedule 5 min read

Claude vs GPT-4o: Which Model Fits Your Use Case?

Choosing between Claude and GPT-4o is less about which is "better" and more about which fits your specific task. Here is a practical breakdown.

How Our Design Team Cut Brief-Writing Time by 70% with AI

Article

person Admin•schedule 5 min read

How Our Design Team Cut Brief-Writing Time by 70% with AI

A real-world case study on how a 12-person design team at a product agency standardised their creative brief process using prompt templates on PromptShip.

Why AI Hallucinations Happen (and How to Reduce Them)

Article

person Admin•schedule 5 min read

Why AI Hallucinations Happen (and How to Reduce Them)

Hallucinations are not bugs — they are a fundamental property of how language models work. Understanding why they happen is the first step to minimising them.

The State of AI Coding Assistants in 2026

Article

person Admin•schedule 5 min read

The State of AI Coding Assistants in 2026

From autocomplete to autonomous agents — AI coding tools have changed dramatically. Here is where things stand and what to expect next.

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

Article

person Admin•schedule 5 min read

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

One founder. No team. A dozen AI-powered tools and a tight prompt library. Here is the workflow that runs a bootstrapped SaaS doing $15k MRR.

Recommended Prompts

claudeshieldTrusted

bookmark

OWASP Top 10 Security Code Auditor

Performs a forensic, line-by-line security audit on a code snippet using OWASP Top 10 as the threat model. Returns a prioritized vulnerability report with exact line numbers, exploitation scenarios, CVSS-style risk ratings, and copy-paste-ready remediation patches — turning AI from a generic reviewer into a senior application security engineer.

Application Security Code Reviewer

Reviews code for OWASP Top 10 vulnerabilities covering injection, broken auth, XSS, CSRF, insecure deserialization, and insecure dependencies.

Web Application Firewall Engineer

Designs and tunes WAF rules covering OWASP rule sets, custom rules, false positive reduction, rate limiting, and bot detection.

MCP API Integration Specialist

Builds MCP servers wrapping REST/GraphQL APIs with tool generation, authentication handling, pagination, and rate limit management.

Quality Api Development Framework

Structured quality api development framework analysis engine — takes your specific context and constraints and delivers an expert-level action plan you can execute immediately.

Authentication System Implementation Guide

Production-ready authentication system framework that transforms vague requirements into structured, implementable plans with built-in risk assessment.

star 0fork_right 158

bolt

pin_invoke