# Security Review Guidelines

## General Principles

- Follow the principle of least privilege.
- Validate and sanitize all user inputs.
- Use secure coding practices to prevent common vulnerabilities.
- Keep dependencies up to date and monitor for known security issues.
- Implement proper authentication and authorization mechanisms.
- Encrypt sensitive data at rest and in transit.
- Log security-relevant events and monitor for suspicious activities.

## Specific Checks

- [ ] Input validation and sanitization (SQL injection, XSS, command injection, etc.).
- [ ] Proper authentication and session management.
- [ ] Authorization checks (users can only access resources they are permitted to).
- [ ] Secure handling of sensitive data (passwords, tokens, PII).
- [ ] Use of up-to-date and secure dependencies (no known vulnerabilities).
- [ ] Proper error handling that does not leak sensitive information.
- [ ] Secure configuration (e.g., not using default passwords, disabling unnecessary services).
- [ ] Communication security (use of HTTPS, proper certificate validation).
- [ ] Protection against CSRF, clickjacking, and other web vulnerabilities.
- [ ] Secure file uploads (if applicable).
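As an added example (not part of these guidelines), the following shows what a reviewer applying the input validation, authorization and error handling checks would flag in a document lookup, and what the corrected version looks like. The `documents` table, its two rows and the function names are constructed for illustration.

```python
import logging
import sqlite3

log = logging.getLogger("review-example")

# Constructed sample data for this example; not taken from any real system.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)",
                     [(1, "alice", "alice's notes"), (2, "bob", "bob's notes")])
    return conn

class NotFound(Exception):
    """Raised when a document does not exist or the caller may not see it."""

def fetch_document_before(conn, doc_id, user):
    # What the reviewer flags: the id is interpolated into the SQL text (fails
    # the input validation check) and `user` is never consulted (fails the
    # authorization check), so any authenticated caller can read any document.
    row = conn.execute(f"SELECT body FROM documents WHERE id = {doc_id}").fetchone()
    return row[0] if row else None

def fetch_document_after(conn, doc_id, user):
    # Input validation: reject anything that is not a positive integer id.
    if not isinstance(doc_id, int) or doc_id < 1:
        raise ValueError("document id must be a positive integer")
    # Parameter binding keeps data out of the SQL text; the ownership predicate
    # makes the query itself enforce that users only read their own resources.
    row = conn.execute(
        "SELECT body FROM documents WHERE id = ? AND owner = ?", (doc_id, user)
    ).fetchone()
    if row is None:
        # Same outcome for "missing" and "not yours", so the response does not
        # reveal which ids exist (error handling that does not leak information).
        raise NotFound("document not found")
    return row[0]

def handle_request(conn, doc_id, user):
    """Map outcomes to a (status, message) pair; details go to the log, not the client."""
    try:
        return 200, fetch_document_after(conn, doc_id, user)
    except ValueError:
        return 400, "invalid request"
    except NotFound:
        return 404, "not found"
    except sqlite3.Error:
        log.exception("database error serving document %r for %r", doc_id, user)
        return 500, "internal error"
```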