The intent at a high level
Preparing for the review
Tools
IDE that allows:
Global searches across the codebase
Prerequisites
Overview of how the app works
Important functionalities
Frameworks and libraries in use, or the SBOM if one exists
Add-ons or plugins in use
Common vulnerabilities for the application type
Secure Code Review Criteria
Input Validation
Authentication and User Management
Authorization
Session Management
Encryption & Cryptography
Exception Handling
Reducing the attack surface
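The two preparation points above that are mechanical, the "global searches across the codebase" the IDE must support and the list of review criteria, can be combined into a first triage pass before reading code by hand. The script below is an added example written for this page, not code from the original author or from any project it describes: it greps a source tree line by line and files every hit under one of the criteria listed above, so the reviewer starts from a per-criterion worklist and can see which criteria have no hits at all. The regexes, the reviewer notes, the Python/Flask target and the constructed SAMPLE_SOURCE are all the editor's assumptions; the patterns are deliberately broad because the goal is to find code worth reading, not to prove bugs, and a real review tunes them to the frameworks and libraries recorded in the prerequisites.

```python
# Grep-style triage for a secure code review, grouped by the criteria listed above.
# Added example, not code from the original page: the regexes, notes and the constructed
# SAMPLE_SOURCE are the editor's assumptions, kept deliberately broad because this pass
# is meant to find code worth reading, not to prove bugs.
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class Finding:
    criterion: str  # review criterion from the page
    line_no: int
    line: str
    note: str       # what to look at when reading this line


# (criterion, regex applied per line, reviewer note); assumed patterns for Python code
PATTERNS = [
    ("Input Validation", re.compile(r"\.execute\(.*(%\s*\w|%\s*\(|\+\s*\w|\bf[\"'])"),
     "SQL built with string formatting; expect parameterised queries"),
    ("Input Validation", re.compile(r"shell\s*=\s*True"),
     "command line assembled for a shell; check every argument source"),
    ("Authentication and User Management", re.compile(r"\bpassword\s*==|==\s*password\b"),
     "plaintext password comparison; expect a salted-hash verify"),
    ("Authentication and User Management",
     re.compile(r"(?i)(password|secret|api_key|token)\w*[\"'\]]*\s*=\s*[\"'][^\"']+[\"']"),
     "hard-coded secret or credential"),
    ("Authorization", re.compile(r"request\.(args|form|cookies|headers)\.get\([\"'](role|admin|user_id)"),
     "role or identity taken from the client; must come from server-side state"),
    ("Session Management", re.compile(r"SECRET_KEY[\"'\]]*\s*=\s*[\"']"),
     "session signing key in source; load it from the environment or a vault"),
    ("Encryption & Cryptography", re.compile(r"hashlib\.(md5|sha1)\("),
     "weak hash; check whether it protects anything security-relevant"),
    ("Encryption & Cryptography", re.compile(r"\brandom\.(random|randint|choice)\("),
     "non-cryptographic RNG; tokens and keys need the secrets module"),
    ("Exception Handling", re.compile(r"^\s*except\s*(Exception|BaseException)?\s*:"),
     "broad except; check the error is logged, not silently swallowed"),
    ("Reducing the attack surface", re.compile(r"debug\s*=\s*True"),
     "debug mode on; confirm it cannot reach production"),
    ("Reducing the attack surface", re.compile(r"host\s*=\s*[\"']0\.0\.0\.0"),
     "listens on all interfaces; confirm that is intended"),
]


def scan(source: str) -> list[Finding]:
    """One Finding per (pattern, line) hit, in file order; a line may hit several criteria."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for criterion, regex, note in PATTERNS:
            if regex.search(line):
                findings.append(Finding(criterion, line_no, line.strip(), note))
    return findings


def scan_tree(root: str, glob: str = "*.py") -> dict[str, list[Finding]]:
    """The codebase-wide search: scan() every matching file under root."""
    return {str(p): scan(p.read_text(errors="replace")) for p in Path(root).rglob(glob)}


def report(findings: list[Finding]) -> str:
    """Worklist grouped by criterion, in the order the criteria appear on the page."""
    by_criterion: dict[str, list[Finding]] = defaultdict(list)
    for f in findings:
        by_criterion[f.criterion].append(f)
    out = []
    for criterion in dict.fromkeys(c for c, _, _ in PATTERNS):  # unique, page order
        out.append(f"== {criterion} ({len(by_criterion[criterion])}) ==")
        out.extend(f"  L{f.line_no}: {f.line}  -> {f.note}" for f in by_criterion[criterion])
    return "\n".join(out)


# Constructed sample with one problem per criterion; not code from any real project.
SAMPLE_SOURCE = '''\
import hashlib, random, subprocess
from flask import Flask, request, session

app = Flask(__name__)
app.config["SECRET_KEY"] = "dev-secret-change-me"
ADMIN_PASSWORD = "hunter2"

def login(username, password):
    user = db.execute("SELECT * FROM users WHERE name = '%s'" % username)
    if password == user["password"]:
        session["user"] = username
        session["role"] = request.args.get("role", "user")
    return user

def reset_token():
    return hashlib.md5(str(random.random()).encode()).hexdigest()

def export(path):
    try:
        subprocess.run("tar czf backup.tgz " + path, shell=True)
    except:
        pass

if __name__ == "__main__":
    app.run(host="0.0.0.0", debug=True)
'''

if __name__ == "__main__":
    print(report(scan(SAMPLE_SOURCE)))
```

Running the file prints the worklist for the constructed sample; `scan_tree("path/to/repo")` runs the same pass over a real checkout. A criterion that comes back with zero hits is not evidence that the code is clean, only that the assumed patterns do not cover the frameworks in use, which is exactly the gap the SBOM and framework inventory from the prerequisites should close before the manual read.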
For more insights into code reviews, go to awesomecodereviews.com.