15 lines
593 B
Markdown
15 lines
593 B
Markdown
# Security Checklist
|
|
|
|
- [ ] Input validation on all entry points
|
|
- [ ] SQL injections: parameterized queries used
|
|
- [ ] XSS: output data escaped
|
|
- [ ] Authorization: checked on every endpoint
|
|
- [ ] Authentication: tokens/sessions have TTL
|
|
- [ ] Secrets: not stored in code, vault/env used
|
|
- [ ] Logging: sensitive data does not leak into logs
|
|
- [ ] Rate limiting: configured on public endpoints
|
|
- [ ] CORS: configured correctly
|
|
- [ ] Dependencies: no known CVEs (checked via `audit`)
|
|
- [ ] Errors: do not expose internal structure in API responses
|
|
- [ ] File uploads: type and size validation
|