Open ladynerd opened 5 years ago
Would page 196 of OWASP's code review doc [https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf] be a suitable reference for this? Is three and a half pages basic enough? These Canadian bods have a checklist; do we fork that? https://github.com/softwaresecured/secure-code-review-checklist And SANS always do such pretty checklists: https://www.sans.org/security-resources/posters/cloud-security-devsecops-practices/200/download I'm going to have to summarise these and make a PR at some point.
Create a checklist for carrying out a basic security code review and what you should look for.