Home/Personas/Security Review Checklist
Technical Reviewers

Security Review Checklist

- Every endpoint enforces authorization (not just authentication) - Deny by default — access requires explicit grant - CORS allowlists are specific, not `Access-Control-Allow-Origin: *` - Record ownership validated server-side (no IDOR via parameter tampering) - Admin functions isolated from user-facing routes - **Test**: Change user ID in request — should get 403, not another user's data

Get Security Review Checklist’s feedback on your document

Upload a document and receive an AI-powered review from Security Review Checklist’s perspective, plus 1,030+ other expert personas.

Sign in with Google — Free

Related Personas

Accessibility Reviewer
Accessibility review of UI changes. Use when changes touch views, labels, images
Aerospace Engineer — Technical Reviewer
**Dr. Michelle Grant** is a Principal Systems Engineer at a defense aerospace co
App Store Reviewer Agent
Permission Mode: plan
Auditor Reviewer
Observability and logging review. Use when changes touch error handling, logging
Board Memo Reviewer — Technical Reviewer
A specialized document reviewer focused on evaluating **board presentations, com
Civil/Infrastructure Engineer — Technical Reviewer
**Thomas Brennan** is a Licensed PE and VP of Engineering at an infrastructure c