# Stack-Specific Review Checklists and Release Criteria

> **Intro:** A secure-engineering guide only earns its keep when it changes how pull requests and releases are reviewed. This page turns the stack guidance into short checklists teams can actually use.
>
> **What this page includes**
>
> * review checklists by stack family
> * release criteria that catch structural mistakes
> * how to scale review quality without slowing everything down
> * what to automate first

## Backend service checklist

* request validation present and explicit;
* authN and authZ paths separated clearly;
* object-level authorization verified (the caller may act on this specific object, not merely on objects of that type);
* secrets loaded from approved mechanisms only;
* debug and admin routes reviewed;
* high-risk actions logged with actor and object context.
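The checklist items above are easiest to review when each one maps to a distinct place in the code. The following is an added example, not code from the original page or from any project it describes: a minimal delete handler in which authentication, request validation, object-level authorization and audit logging are separate, named steps. `User`, `Document`, `InMemoryStore`, `delete_document()` and `handle()` are illustrative assumptions; the session tokens and documents are constructed sample data.

```python
"""Added example: a delete handler that keeps authN, validation, object-level
authZ and audit logging as separate, reviewable steps. All names are assumed
for illustration; the store and sessions are constructed stand-ins."""
from dataclasses import dataclass, field
import json
import logging
import re

log = logging.getLogger("audit")

# Explicit shape for an object id: short, no path or query metacharacters.
DOC_ID = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


@dataclass
class User:
    user_id: str
    roles: set = field(default_factory=set)


@dataclass
class Document:
    doc_id: str
    owner_id: str


class InMemoryStore:
    """Constructed stand-in for a database table of documents."""
    def __init__(self):
        self.docs = {}

    def get(self, doc_id):
        return self.docs.get(doc_id)

    def delete(self, doc_id):
        del self.docs[doc_id]


class AuthError(Exception):        # who is calling? (401)
    pass


class ValidationError(Exception):  # request shape is wrong (400)
    pass


class ForbiddenError(Exception):   # caller may not touch this object (404, see handle)
    pass


def authenticate(session_tokens, token):
    """AuthN only: map a bearer token to a User or fail. No object logic here."""
    user = session_tokens.get(token)
    if user is None:
        raise AuthError("unauthenticated")
    return user


def validate_delete_request(payload):
    """Explicit request validation: exactly one field, of the expected shape."""
    if not isinstance(payload, dict) or set(payload) != {"doc_id"}:
        raise ValidationError("unexpected fields")
    doc_id = payload["doc_id"]
    if not isinstance(doc_id, str) or not DOC_ID.match(doc_id):
        raise ValidationError("bad doc_id")
    return doc_id


def authorize_delete(user, doc):
    """AuthZ at object level: the caller must own *this* document or be an admin."""
    if user.user_id == doc.owner_id or "admin" in user.roles:
        return
    raise ForbiddenError("not owner")


def delete_document(store, session_tokens, token, payload):
    user = authenticate(session_tokens, token)        # 1. who is calling
    doc_id = validate_delete_request(payload)         # 2. is the request well formed
    doc = store.get(doc_id)
    if doc is None:
        # Missing and forbidden are answered alike so responses do not reveal
        # which ids exist.
        raise ForbiddenError("not found")
    authorize_delete(user, doc)                       # 3. may this caller touch this object
    store.delete(doc_id)
    # 4. high-risk action logged with actor and object context, as structured JSON
    log.info(json.dumps({"event": "document.delete", "actor": user.user_id,
                         "object": doc_id, "owner": doc.owner_id}))
    return {"deleted": doc_id}


def handle(store, session_tokens, token, payload):
    """HTTP-style adapter: map each outcome to a status code and body."""
    try:
        return 200, delete_document(store, session_tokens, token, payload)
    except AuthError:
        return 401, {"error": "unauthenticated"}
    except ValidationError as e:
        return 400, {"error": str(e)}
    except ForbiddenError:
        return 404, {"error": "not found"}
```

A reviewer walking this handler can tick each checklist item against one function: `authenticate()` for authN, `validate_delete_request()` for explicit validation, `authorize_delete()` for object-level authZ, and the `log.info()` call for actor-and-object logging. The ordering matters too: the object lookup happens only after the caller is known and the id has been validated.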

## Frontend checklist

* cookies and session posture validated;
* no secrets in build artifacts;
* API origins and CORS aligned with production intent;
* third-party scripts inventoried;
* upload and download flows reviewed.
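The cookie and CORS items of this checklist can be turned into an automated posture check over captured response headers. The block below is an added example, not code from the original page or from any project it describes; `check_response_posture()` and its arguments are illustrative assumptions, and the header samples in the test are constructed.

```python
"""Added example: check session-cookie attributes and CORS headers against the
production intent. The function and argument names are assumed for illustration."""


def parse_set_cookie(value):
    """Split one Set-Cookie header into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return name, attrs


def check_response_posture(headers, allowed_origins, session_cookie_names):
    """headers: list of (name, value) pairs; Set-Cookie may repeat.
    allowed_origins: the origins production is meant to serve.
    session_cookie_names: cookies that carry a session and so need full hardening.
    Returns a list of findings; an empty list means the posture matches intent."""
    findings = []
    single = {}
    set_cookies = []
    for k, v in headers:
        if k.lower() == "set-cookie":
            set_cookies.append(v)
        else:
            single[k.lower()] = v

    sets_session = False
    for raw in set_cookies:
        name, attrs = parse_set_cookie(raw)
        if name not in session_cookie_names:
            continue  # non-session cookies (theme, locale) are out of scope here
        sets_session = True
        if "secure" not in attrs:
            findings.append(f"cookie {name}: missing Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {name}: missing HttpOnly")
        samesite = attrs.get("samesite", "").lower()
        if samesite not in ("lax", "strict"):
            findings.append(f"cookie {name}: SameSite should be Lax or Strict "
                            f"(got {samesite or 'none'})")

    acao = single.get("access-control-allow-origin")
    with_credentials = single.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*" and (with_credentials or sets_session):
        # A wildcard origin next to credentials or a session cookie is a
        # configuration that does not match any production intent.
        findings.append("CORS: wildcard origin combined with credentials or a session cookie")
    elif acao is not None and acao != "*" and acao not in allowed_origins:
        findings.append(f"CORS: allowed origin {acao} is not in the production allowlist")
    return findings
```

Run it against responses captured from a staging deployment before release; a non-empty result is a concrete review comment rather than a vague "check the cookies" note.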

## CI-friendly release criteria

Automate first:

* secret scanning;
* dependency and container scanning;
* config linting;
* infrastructure policy checks;
* artifact provenance where maturity allows.

Reserve human review for:

* tenant isolation decisions;
* admin-plane changes;
* high-risk data flows;
* new federation or third-party trust paths.
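As an added example of the "automate first" list above (not code from the original page or from any real scanner), the block below is a small pre-merge gate that runs secret scanning and config linting over a constructed sample tree and exits non-zero on any finding. The regexes, the `gate:allow` opt-out marker, the config rules and the `run_gate()`/`gate_passes()` API are illustrative assumptions; the sample files are constructed.

```python
"""Added example: a pre-merge gate covering secret scanning and config linting.
Patterns, marker and API are illustrative assumptions, not a real scanner's rules."""
import re
import sys
from typing import NamedTuple


class Finding(NamedTuple):
    path: str
    line: int
    rule: str


# Secret patterns: the AKIA form is the documented shape of an AWS access key id;
# the other two are deliberately simple starting points.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_password": re.compile(
        r"(?i)(password|passwd|secret)\s*[=:]\s*['\"][^'\"]{8,}['\"]"),
}

# Config lint rules, applied only to config-like files (see lint_config):
# settings that must not reach a production environment file.
CONFIG_RULES = {
    "debug_enabled": re.compile(r"(?i)^\s*DEBUG\s*=\s*(true|1)\s*$"),
    "tls_verify_disabled": re.compile(r"(?i)^\s*TLS_VERIFY\s*=\s*(false|0)\s*$"),
}

ALLOW_MARKER = "gate:allow"   # assumed opt-out for hand-reviewed test fixtures
CONFIG_SUFFIXES = (".env", ".yml", ".yaml", ".ini", ".cfg")


def scan_secrets(path, text):
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if ALLOW_MARKER in line:
            continue
        for rule, pat in SECRET_PATTERNS.items():
            if pat.search(line):
                findings.append(Finding(path, lineno, rule))
    return findings


def lint_config(path, text):
    if not path.endswith(CONFIG_SUFFIXES):
        return []
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pat in CONFIG_RULES.items():
            if pat.match(line):
                findings.append(Finding(path, lineno, rule))
    return findings


def run_gate(files):
    """files: {path: text}. Returns every finding from both checks."""
    findings = []
    for path, text in files.items():
        findings += scan_secrets(path, text)
        findings += lint_config(path, text)
    return findings


def gate_passes(files):
    return not run_gate(files)


# Constructed sample tree: two leaked credentials, two bad production settings,
# and one test fixture that has been explicitly allowed.
SAMPLE_FILES = {
    "src/settings.py": (
        'DB_PASSWORD = "correct-horse-battery-staple"\n'
        'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n'      # AWS's own documentation example id
    ),
    "deploy/prod.env": "DEBUG=true\nTLS_VERIFY=false\nPORT=8080\n",
    "tests/fixtures/key.pem": (
        "-----BEGIN RSA PRIVATE KEY-----  # gate:allow: throwaway test fixture\n"
        "MIIB...constructed...\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
}

if __name__ == "__main__":
    results = run_gate(SAMPLE_FILES)
    for f in results:
        print(f"{f.path}:{f.line}: {f.rule}")
    sys.exit(1 if results else 0)   # a non-zero exit blocks the merge
```

In a pipeline this would read the changed files from the checkout rather than `SAMPLE_FILES`, and the allow marker would be reviewed like any other change, since it is the one way to silence the gate.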

## Related pages

* [Code Vulnerability Examples and Fixes by Language](/application-security-and-secure-sdlc/index-4/code-vulnerability-examples-and-fixes-by-language.md)
* [GitLab CI YAML Deep Dive](/devsecops-cicd-and-supply-chain/index-1/gitlab-ci-yaml-deep-dive.md)

***

*Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.*
