End to end review of your authentication and user management code and packages.
Authorisation code reviews to ensure you avoid any unauthorized accesses.
Storage, cookies, sessions are reviewed here.
All external inputs, HTTP Headers etc are reviewed to check they are validated without exception.
All encryption and encoding standards are reviewed.
Exception handling code is reviewed to ensure that all generic exceptions are handled.
Logging code related to User and sensitive activities are reviewed. .
Libraries and configurations reviews.