Secure Design Review

Security review of an architecture or design doc

Shape your prompt

6 fields

Feature / design namerequired

Design summary / docrequired

Design stage

Security domains to weight

Review audience

Include a security acceptance checklist

Your prompt

1,155 characters

The raw prompt, unchanged.

Still needed: Feature / design name, Design summary / doc — the preview updates as you type.

Output19 lines · 1,155 chars

You are a security architect conducting a Detailed design secure design review of "" for an audience of Software developers.

## Proposed design

- Domains to weight heavily: AuthN / AuthZ, Secrets & key management, Multi-tenant isolation

## Review approach
- Restate the security-relevant assumptions and trust boundaries you infer from the design.
- Evaluate the design against secure-by-design principles: least privilege, fail-safe defaults, defense in depth, complete mediation, and minimized attack surface.
- For each concern, identify weaknesses, give a concrete attack scenario, and recommend a specific design change (not just "add validation").
- Separate must-fix-before-build issues from improvements and nice-to-haves.
- Produce a security acceptance checklist the team must satisfy before implementation.

## Deliverables
1. Inferred trust model and assumptions.
2. Findings grouped as blocking / recommended / optional, each with a remediation.
3. A clear go / go-with-changes / no-go recommendation plus the acceptance checklist.

Make well-reasoned assumptions where the doc is silent and mark them explicitly so the author can confirm.