I'm often asked what my process is when auditing, and many times I get the feeling that people think that if they have a detailed enough checklist to go through, they'll be able to make their code safe. However, security isn't a checklist; it's a process that should be part of your mindset, not just when writing code, but when thinking about the design of your project and architecture in the first place. It also doesn't stop when you deploy the code, as you learn more ...