Before Committing
- No hardcoded secrets (passwords, API keys, tokens)
- No sensitive data in logs
- Input validation on all user inputs
- Output encoding for all dynamic content
- SQL queries use parameterized statements
- Authentication checks on all protected routes
- Authorization checks for all resource access
- Error messages don't leak sensitive information
- All dependencies are up to date
- Security tests pass
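The secrets, logging and parameterized-SQL items above can be enforced mechanically as a pre-commit gate. The following is an added example, not part of this checklist or any project's tooling; the regexes are my own deliberately simple heuristics, and it assumes it runs from the repository root where `git diff --cached` lists the staged files.

```python
import re
import subprocess
import sys

# One regex per checklist item, applied line by line. These are first-gate
# heuristics, not a SAST engine; expect occasional false positives (e.g. "tokenizer").
RULES = {
    "hardcoded secret": re.compile(
        r"""(?i)(password|passwd|secret|api_key|apikey|token)\s*[:=]\s*["'][^"']{4,}["']"""),
    "secret in log": re.compile(
        r"""(?i)\b(log|logger|logging|console|print)\w*[.(].*\b(password|token|secret|ssn)\b"""),
    "string-built SQL": re.compile(
        r"""(?i)\b(execute|executemany|query)\s*\(\s*(f["']|["'].*["']\s*(\+|%)|.*\.format\()"""),
}

def scan_text(text):
    """Return (line_number, rule_name, stripped_line) for every rule hit in text."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES.items():
            if pattern.search(line):
                findings.append((n, name, line.strip()))
    return findings

def scan_staged():
    """Scan files staged in git (the pre-commit hook case); findings keyed by path."""
    out = subprocess.run(["git", "diff", "--cached", "--name-only", "--diff-filter=AM"],
                         capture_output=True, text=True, check=True).stdout
    results = {}
    for path in out.split():
        with open(path, encoding="utf-8", errors="ignore") as fh:
            hits = scan_text(fh.read())
        if hits:
            results[path] = hits
    return results

# Constructed sample (not from any real project): three violations, then the
# parameterized query the checklist asks for, which must NOT be flagged.
SAMPLE = '''\
DB_PASSWORD = "hunter2-not-real"
logger.info("login failed for %s with password %s", user, password)
cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
cur.execute("SELECT * FROM users WHERE name = %s", (name,))
'''

if __name__ == "__main__":
    hits = scan_staged() if "--staged" in sys.argv else {"<sample>": scan_text(SAMPLE)}
    for path, items in hits.items():
        for n, rule, line in items:
            print(f"{path}:{n}: {rule}: {line}")
    sys.exit(1 if hits else 0)  # a non-zero exit from a pre-commit hook blocks the commit
```

Run it with `--staged` from a `.git/hooks/pre-commit` script to gate real commits; without the flag it scans the embedded sample.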