Comprehensive security review covering auth, data validation, secrets management, transport security, and error handling.
This audit evaluates 34 security checks across 5 categories: authentication and session management, input validation and data sanitization, secrets and credentials management, transport layer security, and error handling. Designed for vibe-coded projects where security is often an afterthought, it surfaces the vulnerabilities most commonly introduced during rapid AI-assisted development.
34 total checks, 3 delivery formats, 5 categories, 7 versions.
Version history:

2026-04-18: Severity of tls-in-transit raised from low to high. The prior rationale was self-defeating (low because hosting handles it; but when the check fails, hosting is NOT handling it and credentials travel in cleartext). Now aligned with CWE-319 and OWASP A02 severity. Pattern ab-002401, chunk-4, chunk-6, the legacy prompt, and the frontmatter severity_rationale were updated.

2026-04-02: Quality hardening: enumeration language, numeric thresholds, cross-references, negative guardrails, measurement-on-pass, and quoting patterns across all 34 checks. Manifest tolerances tightened to exact.

2026-03-01: Added chunked format for browser-based tools.

2026-03-01: Improved Step 3: paste URL is now the primary submission method.

2026-02-23: Hardened curl commands with -sS -L flags for redirect following and error visibility. Added response validation guidance to Step 3.

2026-02-15: Added ORM detection for input sanitization checks.

2026-01-20: Major restructure: split into 5 categories.
Related audits (picked by pack overlap with this audit):

- Data handling assessment across the AI processing pipeline, covering storage, retention, PII protection, and user control over third-party model data sharing.
- Safety assessment against prompt injection attacks, identifying vulnerabilities where untrusted user input might cause the AI to ignore instructions or exfiltrate data.
- Comprehensive security audit for REST and GraphQL APIs, covering authentication, authorization, input validation, and protection against OWASP API Top 10 threats.
- Production-ready authentication assessment covering session management, login flow security, password handling, and OAuth integrations.
- Authorization layer assessment covering access control, resource authorization, API permissions, and admin boundary enforcement.