HACKER Q&A
📣 aazo11

Pointers to resources for an internal security review


We would like to do a comprehensive security review of our product and code pre-launch, as we interact with user databases. While we are well aware of SOC 2 (and might eventually get certification), we are interested to know if the community knows of good checklists or other materials they can share.

Searching on Google is pretty useless as the SOC 2 companies flood the results with clickbait and SEO garbage.


  👤 vin01 Accepted Answer ✓
I am not quite sure what you mean by "review", but if it involves actual testing/validation, then depending on the type of application, OWASP web/mobile application testing guides might be a good reference.

- https://owasp.org/www-project-web-security-testing-guide/ass...
- https://mas.owasp.org/MASTG/

Feel free to reach out via email in my bio if you need any specific insights. I will be glad to help out.