Skip to content

CodeSlick Video Scripts (1-Minute Format)

Purpose: Short demonstration videos for social media (LinkedIn, Twitter, Reddit) Duration: 45-60 seconds each Format: Screen recording with voice-over Target Audience: DevSecOps teams, security engineers, developers

Script 1: "SQL Injection Fixed in 10 Seconds"

Duration: 50 seconds Hook: Problem → Solution format Best for: LinkedIn, Twitter

Timing & Actions

0:00-0:08 (8s) - The Problem - Screen: Show vulnerable code with SQL injection 

const query = `SELECT * FROM users WHERE id = ${userId}`;
- Voice-over: "Finding SQL injection is easy. Every scanner finds it. But fixing it? That takes time."

0:08-0:15 (7s) - Upload & Analyze - Screen: Drag file into CodeSlick OR paste code - Action: Click "Analyze Code" button - Voice-over: "CodeSlick analyzes your code in seconds."

0:15-0:25 (10s) - Results - Screen: Show vulnerability detected (RED severity badge) - Highlight: "SQL Injection - CRITICAL" - Voice-over: "SQL injection detected. CVSS score 9.8. Critical severity."

0:25-0:40 (15s) - AI Fix - Screen: Click "Generate AI Fix" button - Action: Show AI analyzing (loading spinner 2-3s) - Screen: Show fixed code with diff highlighting 

const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);
- Voice-over: "One click. AI generates the fix. Parameterized query. Secure."

0:40-0:50 (10s) - Apply & Done - Screen: Click "Apply Fix" button - Action: Show code updated in editor - Screen: Show success message "✓ Fix applied successfully" - Voice-over: "Apply the fix. Done. Ten seconds from vulnerable to secure."

0:50-0:55 (5s) - CTA - Screen: CodeSlick logo + URL - Text overlay: "Try it free: codeslick.dev" - Voice-over: "Try CodeSlick. Free for developers."

Script 2: "54+ Security Checks Across 4 Languages"

Duration: 55 seconds Hook: Comprehensive coverage Best for: LinkedIn (technical audience)

Timing & Actions

0:00-0:10 (10s) - The Problem - Screen: Show 4 different code editors (JavaScript, Python, Java, TypeScript) - Voice-over: "Your team writes JavaScript, Python, Java, TypeScript. You need different scanners for each language. Until now."

0:10-0:18 (8s) - CodeSlick Overview - Screen: CodeSlick landing page - Highlight: "54+ Security Checks" banner - Voice-over: "CodeSlick. One platform. Four languages. Fifty-four security checks."

0:18-0:28 (10s) - JavaScript Example - Screen: Upload JavaScript file with XSS vulnerability - Action: Show detection "Cross-Site Scripting (XSS) - HIGH" - Voice-over: "JavaScript. XSS detected. Severity: High."

0:28-0:38 (10s) - Python Example - Screen: Switch to Python file with command injection - Action: Show detection "Command Injection - CRITICAL" - Voice-over: "Python. Command injection. Critical severity."

0:38-0:48 (10s) - Java Example - Screen: Switch to Java file with XXE vulnerability - Action: Show detection "XML External Entity (XXE) - HIGH" - Voice-over: "Java. XXE vulnerability. Also detected."

0:48-0:55 (7s) - CTA - Screen: Show summary "3 vulnerabilities detected across 3 languages" - Text overlay: "OWASP Top 10 Compliant • CVSS Scoring • AI-Powered Fixes" - Voice-over: "One platform. All your languages. Try it free at codeslick.dev"

Script 3: "From Hardcoded API Key to Secure in 15 Seconds"

Duration: 50 seconds Hook: Real-world security mistake Best for: Twitter, Reddit (r/programming, r/webdev)

Timing & Actions

0:00-0:08 (8s) - The Mistake - Screen: Show code with hardcoded API key 

API_KEY = "sk_live_51H..."  # Stripe API key
stripe.api_key = API_KEY
- Voice-over: "We've all done it. Hardcoded an API key during testing. Then forgot to remove it."

0:08-0:15 (7s) - The Risk - Screen: GitHub search showing "sk_live" results (thousands) - Text overlay: "43,000+ exposed API keys on GitHub" - Voice-over: "Forty-three thousand exposed API keys on GitHub right now."

0:15-0:25 (10s) - CodeSlick Detects - Screen: Paste code into CodeSlick - Action: Click "Analyze Code" - Screen: Show detection "Hardcoded Credentials - CRITICAL" - Highlight: "Stripe API key detected (sk_live_)" - **Voice-over*: "CodeSlick finds it instantly. Hardcoded Stripe API key. Critical severity."

0:25-0:40 (15s) - AI Fix - Screen: Click "Generate AI Fix" - Action: Show AI fix (2-3s loading) - Screen: Show fixed code with diff 

import os
API_KEY = os.environ.get('STRIPE_API_KEY')
if not API_KEY:
    raise ValueError('STRIPE_API_KEY not set')
stripe.api_key = API_KEY
- Voice-over: "AI generates the fix. Environment variable. Error handling. Secure."

0:40-0:50 (10s) - Done - Screen: Click "Apply Fix" - Action: Show success message - Screen: Show before/after comparison (split screen) - Voice-over: "Fifteen seconds. From exposed secret to production-ready code."

0:50-0:55 (5s) - CTA - Screen: CodeSlick logo - Text overlay: "Free for developers • AI-powered fixes • codeslick.dev" - Voice-over: "CodeSlick. Security that doesn't slow you down."

Recording Tips

Equipment Setup

  • Screen Resolution: 1920x1080 (Full HD)
  • Recording Software:
  • Mac: QuickTime (Cmd+Shift+5) or ScreenFlow
  • Windows: OBS Studio or Camtasia
  • Audio: Clear microphone (USB mic or good headset)
  • Browser: Chrome (clean profile, no extensions visible)

Before Recording

  1. Clear browser cache (fresh session)
  2. Close unnecessary tabs (only CodeSlick)
  3. Disable notifications (Do Not Disturb mode)
  4. Prepare code samples (copy-paste ready)
  5. Test the flow (practice once without recording)

During Recording

  1. Move slowly - Cursor movements should be deliberate
  2. Pause briefly - 1-2 second pause before clicking buttons
  3. Highlight important text - Use cursor to circle/point
  4. Zoom in if needed - Ensure text is readable at 1080p

After Recording

  1. Trim dead space - Remove long loading times (speed up to 1.5x)
  2. Add text overlays - Highlight key metrics (CRITICAL, 10 seconds, etc.)
  3. Add background music - Subtle, non-distracting (royalty-free)
  4. Export settings:
  5. Format: MP4
  6. Resolution: 1920x1080
  7. Frame rate: 30fps
  8. Bitrate: 8-10 Mbps

Social Media Specs

  • LinkedIn: 16:9 aspect ratio, MP4, max 10 minutes (but 1min is ideal)
  • Twitter: 16:9 or 1:1, MP4, max 2:20 (but 1min is ideal)
  • Reddit: 16:9, MP4, max 1GB

Code Samples for Testing

Script 1: SQL Injection (JavaScript)

// Vulnerable code (BEFORE)
const express = require('express');
const mysql = require('mysql');

app.get('/user', (req, res) => {
  const userId = req.query.id;
  const query = `SELECT * FROM users WHERE id = ${userId}`;

  db.query(query, (err, results) => {
    if (err) throw err;
    res.json(results);
  });
});

// Fixed code (AFTER - what AI generates)
app.get('/user', (req, res) => {
  const userId = req.query.id;
  const query = 'SELECT * FROM users WHERE id = ?';

  db.query(query, [userId], (err, results) => {
    if (err) throw err;
    res.json(results);
  });
});

Script 2: XSS (JavaScript)

// XSS vulnerability
document.getElementById('output').innerHTML = userInput;

// Command Injection (Python)
import os
filename = input("Enter filename: ")
os.system(f"cat {filename}")

// XXE (Java)
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder db = dbf.newDocumentBuilder();
Document doc = db.parse(new File(xmlFile));

Script 3: Hardcoded API Key (Python)

# BEFORE
import stripe

API_KEY = "sk_live_51H9J8KLmNoPqRsTuVwXyZ1234567890"
stripe.api_key = API_KEY

def create_payment(amount):
    charge = stripe.Charge.create(
        amount=amount,
        currency='usd',
        source='tok_visa'
    )
    return charge

# AFTER (AI-generated fix)
import os
import stripe

API_KEY = os.environ.get('STRIPE_API_KEY')
if not API_KEY:
    raise ValueError('STRIPE_API_KEY environment variable not set')

stripe.api_key = API_KEY

def create_payment(amount):
    charge = stripe.Charge.create(
        amount=amount,
        currency='usd',
        source='tok_visa'
    )
    return charge

Voice-Over Script Format

When recording voice-over separately:

  1. Read naturally - Conversational tone, not robotic
  2. Emphasize key numbers - "TEN seconds", "FIFTY-FOUR checks"
  3. Pause at commas - Natural breathing points
  4. Match screen timing - Sync words with on-screen actions

Example emphasis: - "SQL injection detected. CVSS score nine point eight. Critical severity." - "One click. AI generates the fix. Parameterized query. Secure."

Next Steps

  1. Test Script 1 first - Simplest to record, shortest demo flow
  2. Review footage - Check audio levels, screen clarity, pacing
  3. Iterate - Adjust timing based on actual recording
  4. Create Script 2 & 3 - Apply learnings from Script 1

Goal: 3 polished 1-minute videos ready for LinkedIn/Twitter launch week (Nov 25-Dec 5)

Document Created: 2025-11-17 Purpose: Video recording guidelines for CodeSlick beta launch Target Launch: Week of Nov 25, 2025 (Production Launch - Phase 7 Week 5)