Flows category icon
QA
Advanced

Security Basics Review

The essential security pass for AI-built apps: secrets, auth enforcement, input handling, and data exposure.

5 steps15 verify checks60-90 minutesWorks with: emergent · chatgpt · claude · cursor
Start Guided Walkthrough

The Route

0/5 verified

Context Pack

Paste this first. It briefs the AI on requirements, constraints, and the Definition of Done before your first build prompt.

Context Pack
PROJECT CONTEXT:
My AI-built app is going in front of users and I need to catch the common security mistakes AI builders make.

GOAL:
Find and fix the high-impact basics: exposed secrets, unenforced auth, injection-prone input, and leaking APIs.

REQUIREMENTS:
- Secrets audit (frontend bundle, repo, logs)
- Auth enforcement audit on every private endpoint
- Input validation and injection checks
- API response audit for over-exposure
- Fixes verified by re-testing the attack

CONSTRAINTS:
- Test enforcement by attacking, not by reading code
- Never commit real secrets while fixing

DEFINITION OF DONE:
- No secrets in frontend code or public artifacts
- Every private endpoint rejects unauthenticated/unauthorized calls
- Hostile input is rejected without breaking the app
- API responses expose only necessary fields

COMMON FAILURES TO AVOID:
- API keys sitting in frontend env or bundle
- Backend routes trusting the UI to gate access
- Password hashes or emails returned in API responses
- IDs guessable and records readable across users

Paste this into your AI builder first. It teaches the AI what you want before you give it the build prompt.

Related routes

More QA flows that share ground with this one.

Flows category icon
QA

Auth Flow QA

Dedicated auth testing: signup, login, sessions, guards, reset, and the edge cases that expose fake auth.

01Test the signup surface
02Test the login surface
03Test the session lifecycle

+2 more steps to Done

Best forbuilders who have shipped a basic app before

5 steps45-75 minutesIntermediate
Flows category icon
QA
Generated

صياغة الفرق بين الأسئلة البحثية والمساهمات في ورقة أو مشروع بحثي

تدفق عملي لمساعدة المستخدم على التمييز بوضوح بين الأسئلة البحثية والمساهمات، ثم صياغتهما بشكل صحيح وقابل للاستخدام في مقترح أو ورقة بحثية.

01تحديد السياق الذي ستستخدم فيه المفهومين
02استخراج تعريفين منفصلين وغير ملتبسين
03بناء مقارنة مباشرة بين المفهومين

+6 more steps to Done

Best forbuilders who have shipped a basic app before

9 steps30-60 minutesIntermediate
Flows category icon
QA

API/Error Handling QA

Verify every API contract and failure path: status codes, error shapes, timeouts, and frontend recovery.

01Inventory the API contracts
02Test success and failure codes
03Normalize error responses

+2 more steps to Done

Best forproduction-grade builds with strict verification

5 steps60-90 minutesAdvanced

Made with Emergent