Security Review Checklist Generator
Generate context-specific security audit checklists for OWASP, NIST, PCI-DSS, HIPAA, and ISO 27001. Tailored to your app type, tech stack, and compliance requirements, with tool recommendations and remediation guidance.
Example Usage
“Generate a comprehensive security review checklist for our Node.js/Express payment processing application. We handle credit card data and are preparing for a PCI-DSS 4.0 compliance audit in Q1. Include OWASP Top 10 mapping, recommended SAST/DAST tools for Node.js, database encryption requirements, API authentication patterns, and evidence documentation templates. Format as an interactive checklist for Notion.”
How to Use This Skill
1. Copy the skill using the button above
2. Paste into your AI assistant (Claude, ChatGPT, etc.)
3. Fill in your inputs below (optional) and copy to include with your prompt
4. Send and start chatting with your AI
Suggested Customization
| Description | Default | Your Value |
|---|---|---|
| Type of application being assessed | web_application | |
| Security standards to include in the checklist | owasp_top_10, nist_csf | |
| Technologies used in the application | Node.js, React, PostgreSQL | |
| Application criticality level | high | |
| Whether to include fix guidance and code examples | true | |
| Delivery format for the checklist | markdown | |
Research Sources
This skill was built using research from these authoritative sources:
- OWASP Top 10 Web Application Security Risks: The definitive list of critical web application vulnerabilities and mitigation strategies
- OWASP Secure-by-Design Framework: Architecture-level security design with review checklists and governance
- OWASP Web Security Testing Guide: Reference framework for security testing methodologies across SDLC phases
- NIST Cybersecurity Framework: 5-function framework (Identify/Protect/Detect/Respond/Recover) with control taxonomy
- PCI DSS 4.0 Compliance Standard: 12-requirement standard for payment card data protection with implementation checklists
- Application Security Risk Assessment Checklist: 8-step process for threat identification, vulnerability assessment, and remediation
- GitHub Security Audit & Secret Detection: Tools and methodologies for detecting exposed secrets and supply chain risks
- OWASP Top 10 Technical Review (IEEE): Technical details of vulnerabilities, testing methodology, and mitigation strategies
- NIST 800-53 Security Controls: 18 security control families for federal information security
- CIS Benchmarks: Hardening guides for systems, databases, and cloud environments