security-review
Security Review
Review Checklist
Authentication
- Strong password requirements enforced
- MFA implemented for sensitive operations
- Session tokens are cryptographically secure
- Session timeout is appropriate
- Logout properly invalidates session
Authorization
- Access controls checked server-side
- Least privilege principle applied
- Role-based access properly implemented
- Direct object references validated
Input Validation
- All input validated server-side
More from nguyenhuuca/assessment
compliance
Ensure regulatory compliance. Use when implementing GDPR, HIPAA, PCI-DSS, or SOC2 requirements. Covers compliance frameworks and controls.
19requirements-analysis
Analyze and refine product requirements. Use when clarifying scope, identifying gaps, or validating requirements. Covers requirement types and analysis techniques.
16identity-access
Implement identity and access management. Use when designing authentication, authorization, or user management. Covers OAuth2, OIDC, and RBAC.
13execution-roadmaps
Create execution roadmaps for projects. Use when planning multi-phase projects or feature rollouts. Covers phased delivery and milestone planning.
12cloud-native-patterns
Apply cloud-native architecture patterns. Use when designing for scalability, resilience, or cloud deployment. Covers microservices, containers, and distributed systems.
12agile-methodology
Apply agile development practices. Use when planning sprints, running ceremonies, or improving team processes. Covers Scrum, Kanban, and agile principles.
12