Security Checklist

Security review checklist based on OWASP Top 10.

Input Validation

• Validate all user input
• Use parameterized queries (no SQL concat)
• Sanitize HTML output (prevent XSS)
• Validate file uploads (type, size)

Authentication

• Hash passwords (bcrypt, argon2)
• Use secure session management
• Implement rate limiting
• Require strong passwords

Authorization