PS Product Security Knowledge Base

📋 Security Review Checklists and Cheat Sheets

Intro: Checklists are useful when they are short, role-aware, and attached to real decisions. This page gathers compact review prompts that teams can use during design, PR review, release review, and incident follow-up.

What this page includes

  • one-page checklist ideas
  • which checklist belongs to which stage
  • how to avoid checklist theater
  • how to keep checklists current

High-value checklist themes

  • new API or endpoint group review;
  • new third-party integration review;
  • new cloud role or workload identity review;
  • new admin feature review;
  • pre-release high-risk workflow review;
  • post-incident hardening review.

Good checklist habits

  • keep each checklist short enough for a 5-10 minute review;
  • link every checklist to a deeper reference page;
  • retire or merge questions that never change a decision;
  • add at least one detective-control question, not only preventive checks.

Example one-page prompts

  • What identity is acting here?
  • What data is touched here?
  • What changes if this workflow is scripted?
  • What event would prove misuse later?
  • What default control would have prevented this?

Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.