Security Code Review Checklist

Are you concerned with security during your code reviews? Do you know the OWASP Top 10, or the CWE Top 25 by heart?

No? Well, no problem. That’s why code review checklists are so powerful. Because I have been invited to the OWASP DevSlop show, I’ve spent my weekend not only preparing the slides but also preparing a security code review checklist.

In this security code review checklist, I walk you through the most important points such as data and input validation, authentication and authorization, as well as session management and encryption.

Research is very clear on the power of code review checklists. Code reviewers who use a code review checklist outperform code reviewers that don’t. So, I hope this checklist is helpful and valuable to you and that you start boosting your code review effectiveness with it.

You can find the security code review checklist on GitHub, or you can also check-out my general code review checklist here.

Screenshot of the security code review checklist

If you fancy, you can also watch the OWASP DevSlop episode where I talk about finding security issues in code reviews.

You can also download my slides below. Ah, and if you are interested in the vulnerable code for the code review example, you can find it here:

You can download the slides for my talk by clicking on the image.

Every two weeks, I send an email packed with code review tips or also handy checklists and cheat sheets, as well as updates on my entrepreneurial journey to my loyal email community. Maybe you fancy joining?

I want in!

Powered by EmailOctopus

Dr. Michaela Greiler

I help companies improve their software development processes, like code reviewing or software testing. I work for corporations such as Microsoft, but also help smaller businesses and start-ups to ensure a productive, satisfying and efficient software engineering process.

One thought on “Security Code Review Checklist

  • February 9, 2021 at 17:26

    Great advice! Do you know if any tools incorporate these checklists? Might be an interesting addition…


Leave a Reply

Your email address will not be published. Required fields are marked *