Security checklists
Copy-paste security checklists for the moments when you are about to ship something new.
Pre-launch security checklist — before your app meets real users
The 42-item checklist to run before your AI-built app hits production. Covers auth, data, secrets, dependencies, headers, logging. Solo-founder-friendly.
SOC 2 checklist for startups — the 6-week pass plan
Everything you need to pass SOC 2 Type 1 as a solo founder or small startup in six weeks. Policies, controls, evidence, auditor handoff.
Supabase launch checklist — ship without leaking data
Twenty-item checklist before your Supabase-backed app hits real users. RLS policies, bucket permissions, function auth, service-role hygiene.
Next.js security checklist — 2026 production ready
The full Next.js security checklist for 2026. Middleware, server actions, env vars, headers, dependencies. Works for Next.js 14 and 15.
AI feature security checklist — LLMs, RAG, agents
The security checklist for adding AI features to your app. Prompt injection, tool-scope, RAG poisoning, rate limits, cost control.
Open-source release security checklist
Before you publish your repo, your npm package, or your PyPI library, run this checklist. Covers history, secrets, dependencies, provenance.
Security questionnaire checklist — answer 'yes' to every enterprise ask
The generic enterprise security questionnaire has 150-400 questions. This checklist covers the 60 most-asked. If you can answer yes to all of these, you can sell to enterprise.
Vibe coding security checklist — before your app goes viral
Twenty checks every vibe-coded app (Lovable / Bolt / v0 / Replit / Cursor) should pass before shipping to real users. The defense for when the tweet hits.