gskaro-v1/.skaro/templates/security-checklist.md


Security Checklist

  • Input validation on all entry points
  • SQL injection: parameterized queries used
  • XSS: output data escaped
  • Authorization: checked on every endpoint
  • Authentication: tokens/sessions have TTL
  • Secrets: not stored in code, vault/env used
  • Logging: sensitive data does not leak into logs
  • Rate limiting: configured on public endpoints
  • CORS: configured correctly
  • Dependencies: no known CVEs (checked via audit)
  • Errors: do not expose internal structure in API responses
  • File uploads: type and size validation
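The SQL injection, XSS and error-exposure items above, worked through in Python as an added example that is not part of this template or the gskaro project; the in-memory SQLite table, the sample users and the function names are assumptions made for the illustration.

```python
import html
import logging
import sqlite3

def make_db():
    # Constructed in-memory table so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    conn.commit()
    return conn

def find_user_unsafe(conn, name):
    # Checklist failure: the input is concatenated into the query text,
    # so a quote in the input changes the query instead of the value.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = '" + name + "'").fetchall()

def find_user(conn, name):
    # Checklist item: parameterized query; the input is bound as a value
    # and is never interpreted as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()

def render_greeting(name):
    # Checklist item: output escaped before it is placed in an HTML context.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"

def api_response(conn, name):
    # Checklist item: the API response carries a generic message only;
    # the stack trace and driver error go to the log, not to the client.
    try:
        rows = find_user(conn, name)
        return {"status": 200,
                "users": [{"name": n, "role": r} for n, r in rows]}
    except sqlite3.Error:
        logging.exception("user lookup failed")
        return {"status": 500, "error": "internal error"}
```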