# Security Review Guidelines

## General Principles

- Follow the principle of least privilege.
- Validate and sanitize all user inputs.
- Use secure coding practices to prevent common vulnerabilities.
- Keep dependencies up to date and monitor for known security issues.
- Implement proper authentication and authorization mechanisms.
- Encrypt sensitive data at rest and in transit.
- Log security-relevant events and monitor for suspicious activities.

## Specific Checks

- [ ] Input validation and sanitization (SQL injection, XSS, command injection, etc.).
- [ ] Proper authentication and session management.
- [ ] Authorization checks (users can only access resources they are permitted to).
- [ ] Secure handling of sensitive data (passwords, tokens, PII).
- [ ] Use of up-to-date and secure dependencies (no known vulnerabilities).
- [ ] Proper error handling that does not leak sensitive information.
- [ ] Secure configuration (e.g., not using default passwords, disabling unnecessary services).
- [ ] Communication security (use of HTTPS, proper certificate validation).
- [ ] Protection against CSRF, clickjacking, and other web vulnerabilities.
- [ ] Secure file uploads (if applicable).
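The following is an added example, not part of the original guidelines, showing what two of the checks above look like in code: the input-sanitization check (SQL injection) and the error-handling check (no leaked internals). It uses an in-memory SQLite table with constructed sample rows; the function names `find_user_unsafe`, `find_user_safe` and `lookup_user` are hypothetical names chosen for this illustration.

```python
import logging
import sqlite3

log = logging.getLogger("review-example")


def make_db():
    """Constructed sample data: two users in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn, username):
    # FAILS the input-sanitization check: untrusted input is pasted into the
    # SQL text, so a quote in `username` changes the query's structure.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    # PASSES the check: the value travels as a bound parameter and can never
    # be interpreted as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def lookup_user(conn, username):
    """Endpoint-style wrapper returning (status, body).

    Demonstrates the error-handling check: database failures are logged
    server-side with full detail, while the caller only ever sees a generic
    message, so stack traces, SQL text and schema names are not exposed.
    """
    try:
        rows = find_user_safe(conn, username)
    except sqlite3.Error:
        log.exception("user lookup failed for %r", username)  # detail stays in the log
        return 500, {"error": "internal error"}
    if not rows:
        return 404, {"error": "not found"}
    return 200, {"username": rows[0][0], "role": rows[0][1]}


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"
    print("unsafe:", find_user_unsafe(db, probe))  # every row comes back
    print("safe:  ", find_user_safe(db, probe))    # no such user, empty list
    print(lookup_user(db, "alice"))
```

When reviewing, search for query strings built with `f"..."`, `%` or `+` and compare them against the parameterized form; for error handling, check that every `except` branch returns a fixed message and routes the exception object to the log rather than to the response.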