Security Code Review Checklist
Are you concerned with security during your code reviews? Do you know the OWASP Top 10, or the CWE Top 25 by heart?
No? Well, no problem. That’s why code review checklists are so powerful. Because I have been invited to the OWASP DevSlop show, I’ve spent my weekend not only preparing the slides but also preparing a security code review checklist.
In this security code review checklist, I walk you through the most important points such as data and input validation, authentication and authorization, as well as session management and encryption.
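The kind of finding such a checklist is meant to surface can be shown with one small handler. The following is an added example written for this post, not code from the checklist or from the linked repository: a "before" version that a reviewer walking through the input validation and authorization items should flag, next to an "after" version that passes both items. The document store, the `User` class and the `doc-<digits>` id format are assumptions made up for the example.

```python
import re
from dataclasses import dataclass

# Constructed in-memory document store for this example; the owner field is
# what the authorization check is based on.
DOCUMENTS = {
    "doc-1": {"owner": "alice", "body": "alice's notes"},
    "doc-2": {"owner": "bob", "body": "bob's notes"},
}

# Input validation: a document id is expected to look like "doc-<digits>"
# (assumed format for this example).
DOC_ID_PATTERN = re.compile(r"^doc-\d{1,6}$")


@dataclass
class User:
    name: str
    is_admin: bool = False


def get_document_before(user: User, doc_id: str) -> str:
    """The version a reviewer should flag: the id is used as-is (no input
    validation) and any authenticated user can read any document (no
    authorization check)."""
    return DOCUMENTS[doc_id]["body"]


def get_document_after(user: User, doc_id: str) -> str:
    """Hardened version: validate the input first, then check that the caller
    is authorized before returning any data."""
    if not isinstance(doc_id, str) or not DOC_ID_PATTERN.match(doc_id):
        raise ValueError("invalid document id")
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        raise LookupError("document not found")
    # Authorization: only the owner or an admin may read the document.
    if doc["owner"] != user.name and not user.is_admin:
        raise PermissionError("not allowed to read this document")
    return doc["body"]


def review_outcome(handler, user: User, doc_id) -> str:
    """Classify what a handler does for a given request so the two versions can
    be compared side by side (helper written for this example only)."""
    try:
        handler(user, doc_id)
        return "served"
    except ValueError:
        return "rejected: invalid input"
    except PermissionError:
        return "rejected: forbidden"
    except LookupError:  # KeyError is a LookupError, so the "before" path lands here too
        return "rejected: not found"


if __name__ == "__main__":
    alice = User("alice")
    for name, handler in (("before", get_document_before), ("after", get_document_after)):
        print(name, "alice reads doc-2:", review_outcome(handler, alice, "doc-2"))
        print(name, "alice reads junk id:", review_outcome(handler, alice, "not-a-doc-id"))
```

Running it shows the difference the two checklist items make: the "before" handler serves bob's document to alice, while the "after" handler rejects that request as forbidden and rejects a malformed id before it ever touches the store.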
Research is very clear on the power of code review checklists. Code reviewers who use a code review checklist outperform code reviewers who don’t. So, I hope this checklist is helpful and valuable to you and that you start boosting your code review effectiveness with it.
You can find the security code review checklist on GitHub, or you can also check out my general code review checklist here.

If you fancy, you can also watch the OWASP DevSlop episode where I talk about finding security issues in code reviews.
You can also download my slides below. Ah, and if you are interested in the vulnerable code for the code review example, you can find it here: https://github.com/mgreiler/code-reviews

Every two weeks, I send an email packed with code review tips, handy checklists and cheat sheets, as well as updates on my entrepreneurial journey to my loyal email community. Maybe you fancy joining?

Great advice! Do you know if any tools incorporate these checklists? Might be an interesting addition…