Foundational security assessment covering HTTP security headers, transport security configuration, and basic security hygiene to protect against common web attacks.
21
Total Checks
3
Delivery Formats
3
Categories
7
Versions
Included
Never included
PATCH — telemetry-format prose fix: verification instructions still required dotted check IDs (audit.{category}.{check}) while the JSON template and the ingest schema use bare kebab-case slugs; an AI following the prose over the template would emit IDs the schema rejects with a 400. Prose now states bare slugs. No check or criteria changes.
Picked by pack overlap with this audit.
Deep inspection of environment variable handling, secrets storage patterns, and runtime configuration security.
Advanced security header configuration quality — evaluates whether headers are configured correctly, not just present. Sequel to Security Headers & Basics.
Data handling assessment across the AI processing pipeline, covering storage, retention, PII protection, and user control over third-party model data sharing.
Safety assessment against prompt injection attacks, identifying vulnerabilities where untrusted user input might cause the AI to ignore instructions or exfiltrate data.
Comprehensive security audit for REST and GraphQL APIs, covering authentication, authorization, input validation, and protection against OWASP API Top 10 threats.