Interactive Chat Tutorial

alprina chat

╭─────────────────────────────────────────────────────────────╮
│                    Alprina AI Assistant                      │
│                                                              │
│  Type your security questions or requests.                   │
│  Use /help for special commands.                            │
│  Press Ctrl+C or type /exit to quit.                        │
╰─────────────────────────────────────────────────────────────╯

You:

You: What are the most common web vulnerabilities?

You: Can you scan my web application in ./src for security issues?

Alprina: I'll scan your web application directory...

✓ Scan completed!

I found 8 security issues in your application:

🔴 HIGH (2 findings):
  - SQL Injection in user authentication (login.py:45)
  - Hardcoded credentials in config (config.py:12)

🟡 MEDIUM (4 findings):
  - Missing CSRF protection on forms
  - Weak password requirements
  - Unvalidated redirects
  - Sensitive data in logs

🟢 LOW (2 findings):
  - Missing security headers
  - Verbose error messages

Would you like me to explain any of these findings in detail?

You: Tell me more about the SQL injection issue

Alprina: Let me explain the SQL injection vulnerability I found in login.py...

**Location:** login.py, line 45

**Code:**
```python
query = f"SELECT * FROM users WHERE username='{username}' AND password='{password}'"
cursor.execute(query)

Username: admin' --
Password: anything

SELECT * FROM users WHERE username='admin' --' AND password='anything'

### Step 5: Get Mitigation Guidance

Request a fix:

Alprina provides step-by-step mitigation:

query = "SELECT * FROM users WHERE username=? AND password=?"
cursor.execute(query, (username, password))

import re
 
def validate_username(username):
    if not re.match("^[a-zA-Z0-9_]{3,20}$", username):
        raise ValueError("Invalid username format")
    return username
 
# In your login function:
username = validate_username(request.form['username'])

import bcrypt
 
# During registration:
hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt())
 
# During login:
if bcrypt.checkpw(password.encode(), stored_hash):
    # Authentication successful

from sqlalchemy import create_engine, select
from models import User
 
user = session.query(User).filter_by(username=username).first()
if user and user.check_password(password):
    # Authentication successful

### Step 6: Use Special Commands

Explore special commands for efficiency:

Alprina shows available commands:

Try a direct scan command:

### Step 7: Generate a Report

After your analysis, create a report:

Or use the command:

Alprina will generate and save a comprehensive report.

### Step 8: Save Your Session

Save important conversations:

## Advanced Techniques

### Load Previous Scan Results

Start chat with existing scan data:

```bash
# First, run a scan
alprina scan ./src --output scan-results.json

# Then load it in chat
alprina chat --load scan-results.json

You: What's the most critical issue?

Alprina: Based on the scan results I have loaded, the most critical
issue is the SQL injection vulnerability in login.py (HIGH-001).
This should be your top priority because...

You: Scan my API endpoints at ./api

Alprina: [performs scan]

You: Now scan my authentication module in ./auth

Alprina: [performs second scan]

You: Which area has more security issues?

Alprina: Based on both scans:

API endpoints: 5 issues (1 HIGH, 3 MEDIUM, 1 LOW)
Auth module: 8 issues (2 HIGH, 4 MEDIUM, 2 LOW)

Your authentication module needs more attention...

You: Can you explain XSS attacks and recommend resources to learn more?

Alprina: [Provides explanation and curated learning resources]

You: Show me examples of secure session management in Python Flask

Alprina: [Provides complete code examples with explanations]

You: Scan my code for SQL injection
Alprina: [finds issues]
You: Which one is most critical?
Alprina: [explains]
You: Show me how to fix that one first
Alprina: [provides solution]
You: Are there any testing tools I should use?
Alprina: [recommends tools]

/scan ./src
/explain HIGH-001
/fix HIGH-001
/report

/save security-review-$(date +%Y-%m-%d).json

1. You: Scan my application
2. [Review findings]
3. You: Explain the authentication issues
4. [Understand problem]
5. You: How do I fix them?
6. [Implement solutions]
7. You: Generate a report

1. You: I'm worried about SQL injection. Check my database queries.
2. [Focused scan]
3. You: Show me every instance
4. [Detailed analysis]
5. You: Provide secure alternatives
6. [Implementation guidance]

1. You: What are OWASP Top 10 vulnerabilities?
2. You: Explain each one with examples
3. You: Scan my code for these issues
4. You: How do I prevent them in the future?

export ANTHROPIC_API_KEY=your_key_here
alprina chat

# Verify file exists
ls -la scan-results.json
 
# Load explicitly
alprina chat --load scan-results.json

You: I'm starting a new Django e-commerce project.
     What security measures should I implement from day one?

Alprina: [Provides comprehensive security checklist]

You: Can you create a security policy file for my project?

Alprina: [Generates .alprina/policy.yaml with best practices]

You: Scan my initial code

Alprina: [Performs initial scan, provides baseline]

You: I'm about to deploy to production.
     Can you do a final security check on ./src?

Alprina: [Runs comprehensive scan]

You: Any blockers for production?

Alprina: [Identifies critical issues that must be fixed]

You: Help me fix the critical ones

Alprina: [Guides through fixes]

You: Rescan to confirm

Alprina: [Verifies fixes, gives go/no-go recommendation]

You: We detected unusual database activity.
     Scan our query handlers in ./db

Alprina: [Identifies potential SQL injection]

You: Show me all places where this pattern appears

Alprina: [Lists all vulnerable locations]

You: Generate emergency patch instructions

Alprina: [Provides prioritized remediation steps]