# Security Review Checklists and Cheat Sheets

> **Intro:** Checklists are useful when they are short, role-aware, and attached to real decisions. This page gathers compact review prompts that teams can use during design, PR review, release review, and incident follow-up.
>
> **What this page includes**
>
> * one-page checklist ideas
> * which checklist belongs to which stage
> * how to avoid checklist theater
> * how to keep checklists current

## High-value checklist themes

* new API or endpoint group review;
* new third-party integration review;
* new cloud role or workload identity review;
* new admin feature review;
* pre-release high-risk workflow review;
* post-incident hardening review.

## Good checklist habits

* keep each checklist short enough for a 5-10 minute review;
* link every checklist to a deeper reference page;
* retire or merge questions that never change a decision;
* add at least one detective-control question, not only preventive checks.

## Example one-page prompts

* What identity is acting here?
* What data is touched here?
* What changes if this workflow is scripted?
* What event would prove misuse later?
* What default control would have prevented this?

## Related pages

* [Architecture Review Question Bank and Decision Records](/application-security-and-secure-sdlc/index/architecture-review-question-bank-and-decision-records.md)

***

*Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.*


