Security Review

Review Checklist

Authentication

- [ ] Strong password requirements enforced
- [ ] MFA implemented for sensitive operations
- [ ] Session tokens are cryptographically secure
- [ ] Session timeout is appropriate
- [ ] Logout properly invalidates session

Authorization

- [ ] Access controls checked server-side
- [ ] Least privilege principle applied
- [ ] Role-based access properly implemented
- [ ] Direct object references validated

Input Validation

- [ ] All input validated server-side
- [ ] Input type and length checked
- [ ] Special characters properly handled
- [ ] File uploa…