Security Tool Cheatsheet
Alex Morgan — Senior Penetration Tester
Why AI Changes the Game for Security Analysis
Artificial Intelligence (AI) tools like ChatGPT and Claude provide security analysts with enhanced capabilities for threat intelligence, incident response, and vulnerability management. Leveraging these tools not only speeds up the process but also increases the accuracy of the analysis.
Before You Start: How to Set Context Properly
Setting context is crucial for obtaining relevant and precise outputs from AI. Start by stating the goal clearly, specifying the context of the security domain, and identifying the audience. Include any relevant details that can help the AI understand the request.
Core Prompts Cheatsheet
Prompt: List common vulnerabilities in web applications.
What it does: Lists prevalent web app vulnerabilities.
When to use: When assessing web applications for security flaws.
Customization: Specify the app type (e.g., e-commerce) or frameworks.
Prompt: What best practices should I implement for endpoint security?
What it does: Suggests endpoint security measures.
When to use: When developing or reviewing endpoint security policies.
Customization: Include the type of endpoints and existing measures.
Prompt: Generate a summary of the OWASP Top 10 vulnerabilities.
What it does: Provides a brief overview of OWASP Top 10.
When to use: When introducing security concepts to new team members.
Customization: Request more detailed explanations for individual items.
Prompt: Describe the attack vectors used in a recent (insert specific incident) breach.
What it does: Analyzes a specific security incident.
When to use: After news of a significant breach.
Customization: Specify the incident and focus areas (e.g., user impact).
Prompt: How to respond to a ransomware attack?
What it does: Outlines response steps for ransomware incidents.
When to use: To prepare an incident response plan.
Customization: Specify the organization size and resources available.
Prompt: Create a checklist for performing a risk assessment.
What it does: Lists essential steps for a risk assessment process.
When to use: Before conducting a security assessment.
Customization: Modify for specific environments and compliance standards.
Weak vs Strong Prompt Examples
Strong: List the top 5 security threats facing financial institutions today.
Strong: What are the top ten best practices for securing a small business network against cyber threats?
Advanced Prompt Techniques
Utilize advanced techniques like role prompting, where you define the role of the AI. For example, “You are a cybersecurity consultant advising a startup on security practices.” This clarifies the AI’s perspective and recommendations. Chain-of-thought
Claude vs ChatGPT: Which Works Better For This
ChatGPT excels in conversational context, making it suitable for interactive queries. Claude may provide more structured outputs, beneficial for generating formal reports or detailed analysis. Both can produce impressive results depending on the application.
Tips for Getting Consistent Results
Be specific about your request and provide sufficient context. Use iterative refinement, where you take the initial output and progressively enhance it by asking follow-up questions. This method not only tailors the results but also deepens the analysis based on your needs.
Quick Reference: All Prompts in One Place
- List common vulnerabilities in web applications.
- What best practices should I implement for endpoint security?
- Generate a summary of the OWASP Top 10 vulnerabilities.
- Describe the attack vectors used in a recent (insert specific incident) breach.
- How to respond to a ransomware attack?
- Create a checklist for performing a risk assessment.