Security Basics Review
The essential security pass for AI-built apps: secrets, auth enforcement, input handling, and data exposure.
The Route
0/5 verifiedHunt exposed secrets
The most common AI-build failure: keys where users can read them.
Attack the auth enforcement
Prove every private endpoint rejects you - by trying.
Harden input handling
Every input is hostile until validated - on the server.
Audit API exposure
APIs should return the minimum - check what they actually say.
Final security re-test
Re-run every attack after fixes - and write down what remains.
Context Pack
Paste this first. It briefs the AI on requirements, constraints, and the Definition of Done before your first build prompt.
Paste this into your AI builder first. It teaches the AI what you want before you give it the build prompt.
Related routes
More QA flows that share ground with this one.
Auth Flow QA
Dedicated auth testing: signup, login, sessions, guards, reset, and the edge cases that expose fake auth.
+2 more steps to Done
Best forbuilders who have shipped a basic app before
صياغة الفرق بين الأسئلة البحثية والمساهمات في ورقة أو مشروع بحثي
تدفق عملي لمساعدة المستخدم على التمييز بوضوح بين الأسئلة البحثية والمساهمات، ثم صياغتهما بشكل صحيح وقابل للاستخدام في مقترح أو ورقة بحثية.
+6 more steps to Done
Best forbuilders who have shipped a basic app before
API/Error Handling QA
Verify every API contract and failure path: status codes, error shapes, timeouts, and frontend recovery.
+2 more steps to Done
Best forproduction-grade builds with strict verification