Security Auditing

OWASP Top 10 Checklist

1. Injection

• SQL queries use parameterized statements
• Shell commands don't include user input
• LDAP/XPath queries are sanitized

// VULNERABLE - SQL injection
db.query(`SELECT * FROM users WHERE id = ${userId}`);

// SAFE - parameterized query
db.query('SELECT * FROM users WHERE id = $1', [userId]);