Production-ready authentication assessment covering session management, login flow security, password handling, and OAuth integrations.
28
Total Checks
3
Delivery Formats
3
Categories
5
Versions
Included
Never included
PATCH — telemetry-format prose fix: verification instructions still required dotted check IDs (audit.{category}.{check}) while the JSON template and the ingest schema use bare kebab-case slugs; an AI following the prose over the template would emit IDs the schema rejects with a 400. Prose now states bare slugs. No check or criteria changes.
Picked by pack overlap with this audit.
Comprehensive security audit for REST and GraphQL APIs, covering authentication, authorization, input validation, and protection against OWASP API Top 10 threats.
Authorization layer assessment covering access control, resource authorization, API permissions, and admin boundary enforcement.
Data handling assessment across the AI processing pipeline, covering storage, retention, PII protection, and user control over third-party model data sharing.
Safety assessment against prompt injection attacks, identifying vulnerabilities where untrusted user input might cause the AI to ignore instructions or exfiltrate data.
API design quality assessment covering naming consistency, HTTP semantics, request/response shape, security controls, and developer experience.