Tuesday, May 14, 2019

Security focused code review

I've been doing a lot of security-focused code reviewing lately, and have gathered some insights, especially when working in C and below.
So, what to look for?

Input validation

I suppose it is trivial, but: are the inputs validated correctly?

Time of check, time of use

Well, the inputs were validated, but are they under external control?
If they are, an attacker can change them after they were validated and cause havoc.
This is not really relevant in the case of web requests, but it can happen when two entities communicate over shared memory.
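To make the shared-memory case concrete, here is an added example (my own illustration, not code from any project) with a constructed message layout: a length field and a payload that an untrusted peer can rewrite at any time. The racy version re-reads the shared length after validating it; the safe version snapshots it into a local first. The struct, field names and the 64-byte cap are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SHM_PAYLOAD_MAX 64   /* constructed cap for the example */

/* Constructed layout of a message in memory shared with an untrusted peer.
   'volatile' reflects that the peer may rewrite these fields at any moment. */
struct shm_msg {
    volatile uint32_t len;
    volatile uint8_t payload[SHM_PAYLOAD_MAX];
};

/* Racy (time of check != time of use): the bound is checked against one read
   of msg->len, but the copy loop re-reads msg->len on every iteration. A peer
   that raises len after the check drives the loop past 'out'. */
size_t copy_racy(const struct shm_msg *msg, uint8_t *out, size_t out_sz) {
    if (msg->len > out_sz || msg->len > SHM_PAYLOAD_MAX) return 0;  /* check */
    size_t n = 0;
    for (uint32_t i = 0; i < msg->len; i++)                         /* use: re-reads len */
        out[n++] = msg->payload[i];
    return n;
}

/* Safe: read len exactly once into a local the peer cannot touch, validate
   that local, and use only that local afterwards. */
size_t copy_safe(const struct shm_msg *msg, uint8_t *out, size_t out_sz) {
    uint32_t len = msg->len;          /* the only read of the shared field */
    if (len > out_sz || len > SHM_PAYLOAD_MAX) return 0;
    for (uint32_t i = 0; i < len; i++)
        out[i] = msg->payload[i];
    return len;
}

/* Fixture: fills the constructed shared message with bytes 0..63 and sets len. */
static struct shm_msg g_msg;
struct shm_msg *make_msg(uint32_t len) {
    g_msg.len = len;
    for (uint32_t i = 0; i < SHM_PAYLOAD_MAX; i++)
        g_msg.payload[i] = (uint8_t)i;
    return &g_msg;
}

int main(void) {
    uint8_t out[16];
    size_t got = copy_safe(make_msg(10), out, sizeof out);
    printf("copied %zu bytes, first=%u last=%u\n", got, out[0], out[got - 1]);
    printf("oversized message copied %zu bytes\n", copy_safe(make_msg(200), out, sizeof out));
    return 0;
}
```

The review question for any such code is simply: between the line that checks a value and the line that uses it, can anyone else write to that value? If the answer is yes, the fix is always the same: copy, check the copy, use the copy.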

Accessing a single resource

When you have multiple threads and a single resource, note how the access is controlled.
Give special care to the initialisation of the locking mechanism.
In general, multithreaded programming is hard, and the lower the level you program at, the harder it gets.
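An added example of the initialisation point, written by me for this post rather than taken from any code base: a counter shared by several threads, protected by a mutex created with a static initialiser (so there is no "is the lock ready yet?" window), plus a lazily built table guarded by pthread_once. The broken lazy-init pattern that turns up in reviews is included next to it for comparison. Thread and iteration counts are arbitrary constants chosen for the example.

```c
#include <pthread.h>
#include <stdio.h>

#define N_THREADS 4       /* constructed values for the example */
#define N_ITERS   10000
#define TABLE_LEN 16

/* The single shared resource: a counter. The lock is created with the static
   initializer, so it is usable before any thread exists; nobody has to
   "initialize it first" and race on that. */
static pthread_mutex_t counter_lock = PTHREAD_MUTEX_INITIALIZER;
static long counter;

/* A lazily built lookup table. */
static int table[TABLE_LEN];

/* Broken lazy init seen in reviews: two threads can both observe
   table_ready == 0 and both run init_table(), or one thread can read the
   table while another is still filling it. Kept here only for comparison. */
static int table_ready;
static void init_table(void) {
    for (int i = 0; i < TABLE_LEN; i++) table[i] = i * i;
}
void ensure_table_broken(void) {
    if (!table_ready) {          /* unsynchronised check ... */
        init_table();            /* ... then a non-atomic init */
        table_ready = 1;
    }
}

/* Correct lazy init: pthread_once guarantees init_table() runs exactly once,
   and every other caller blocks until it has finished. */
static pthread_once_t table_once = PTHREAD_ONCE_INIT;
void ensure_table(void) {
    pthread_once(&table_once, init_table);
}

static void *worker(void *arg) {
    (void)arg;
    ensure_table();
    for (int i = 0; i < N_ITERS; i++) {
        pthread_mutex_lock(&counter_lock);
        counter += table[1];     /* table[1] == 1, so +1 per iteration */
        pthread_mutex_unlock(&counter_lock);
    }
    return NULL;
}

/* Runs the workers and returns the final counter, which must equal
   N_THREADS * N_ITERS when the locking is right; -1 if a thread cannot start. */
long run_counter_demo(void) {
    pthread_t th[N_THREADS];
    counter = 0;
    for (int i = 0; i < N_THREADS; i++)
        if (pthread_create(&th[i], NULL, worker, NULL) != 0) return -1;
    for (int i = 0; i < N_THREADS; i++)
        pthread_join(th[i], NULL);
    return counter;
}

int main(void) {
    printf("counter = %ld (expected %ld)\n", run_counter_demo(), (long)N_THREADS * N_ITERS);
    return 0;
}
```

When reviewing, look for the "if (!initialised) { init(); initialised = 1; }" shape anywhere more than one thread can reach it; a static initialiser or a once-guard is the usual fix. Build with pthread support (older toolchains need -lpthread).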

Array Access

Every time an array is accessed, ask yourself if there is a possibility of out-of-bound access.

Using sizeof

Using sizeof can be tricky. If 'a' is an array, sizeof(a) can be either the size of the whole array (when 'a' is declared as an array in the current scope) or equal to sizeof(void*) (when 'a' has decayed to a pointer, e.g. as a function parameter). Then things won't behave correctly.
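The two points above, array bounds and sizeof, tend to show up together, so here is one added example covering both (my own code, not from any project). It shows sizeof on an array parameter returning the pointer size, the under-clearing that results, the explicit-length fix, and a lookup that bounds-checks an index taken from input on both sides. Buffer size and the table contents are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SZ 64   /* constructed buffer size for the example */

/* sizeof pitfall: an array parameter is really a pointer, so inside this
   function sizeof(buf) is sizeof(uint8_t *), not BUF_SZ. */
size_t sizeof_of_array_param(uint8_t buf[BUF_SZ]) {
    return sizeof(buf);              /* 8 on a 64-bit build, never 64 */
}

/* The same mistake in practice: this "clears" only sizeof(uint8_t *) bytes.
   The remaining stale bytes survive and may later be sent to a peer. */
void clear_buf_bug(uint8_t buf[BUF_SZ]) {
    memset(buf, 0, sizeof(buf));     /* BUG: clears 8 bytes, not 64 */
}

/* Fix: sizeof only measures a true array in the scope where it is declared,
   so the caller computes the length and passes it explicitly. */
void clear_buf_ok(uint8_t *buf, size_t len) {
    memset(buf, 0, len);
}

/* Counts bytes in buf that are still non-zero (used to show the difference). */
size_t count_nonzero(const uint8_t *buf, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0) n++;
    return n;
}

/* Array access with an index from untrusted input. The index is signed
   because such values usually arrive as int; the check rejects negatives and
   uses >= for the upper bound (idx == n is already one past the end). */
int lookup(const int *tbl, size_t n, long idx, int *out) {
    if (idx < 0 || (size_t)idx >= n) return -1;
    *out = tbl[idx];
    return 0;
}

int main(void) {
    uint8_t buf[BUF_SZ];
    memset(buf, 0xAA, sizeof buf);   /* sizeof works here: buf is a real array */
    clear_buf_bug(buf);
    printf("after buggy clear: %zu stale bytes\n", count_nonzero(buf, BUF_SZ));
    clear_buf_ok(buf, sizeof buf);
    printf("after correct clear: %zu stale bytes\n", count_nonzero(buf, BUF_SZ));

    int tbl[4] = {10, 20, 30, 40};
    int v;
    printf("lookup(3) -> %d\n", lookup(tbl, 4, 3, &v) == 0 ? v : -1);
    printf("lookup(4) rejected: %d\n", lookup(tbl, 4, 4, &v) == -1);
    printf("lookup(-1) rejected: %d\n", lookup(tbl, 4, -1, &v) == -1);
    return 0;
}
```

Modern compilers warn about sizeof on an array parameter; treat that warning as a finding rather than noise. For the index check, the two things reviewers most often miss are a signed index that can go negative and a "> n" where ">= n" was needed.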

Handling faults

We all know that programmers program for the sunny-day case. What happens when things go wrong? Is it even checked? Handled?
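As an added example (my own, not taken from any project), here is the kind of file loader that comes up in review: the sunny-day version assumes every call succeeds, and the checked version tests every return value and releases what it allocated on any failure path. The error codes, the 1 MiB size cap and the file contents used in the demo are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FILE_BYTES (1u << 20)   /* constructed cap: refuse files over 1 MiB */

enum load_err {
    LOAD_OK     =  0,
    LOAD_EOPEN  = -1,   /* fopen failed */
    LOAD_ESIZE  = -2,   /* could not size the file, or it is too large */
    LOAD_ENOMEM = -3,   /* malloc failed */
    LOAD_EREAD  = -4    /* seek/read/close failed */
};

/* Sunny-day version seen in reviews: nothing is checked. A missing file
   dereferences NULL, a failed malloc writes through NULL, a short read returns
   a buffer whose tail is uninitialised. Shown for comparison; do not call it. */
uint8_t *read_all_sunny(const char *path, size_t *len) {
    FILE *f = fopen(path, "rb");
    fseek(f, 0, SEEK_END);
    *len = (size_t)ftell(f);
    fseek(f, 0, SEEK_SET);
    uint8_t *buf = malloc(*len);
    fread(buf, 1, *len, f);
    fclose(f);
    return buf;
}

/* Checked version for an already-open stream: every call is tested, the size
   is capped before allocating, and on any failure the partial buffer is freed
   so the caller never sees a half-built result. */
int read_all(FILE *f, uint8_t **out, size_t *out_len) {
    *out = NULL;
    *out_len = 0;
    if (fseek(f, 0, SEEK_END) != 0) return LOAD_EREAD;
    long sz = ftell(f);
    if (sz < 0 || (unsigned long)sz > MAX_FILE_BYTES) return LOAD_ESIZE;
    if (fseek(f, 0, SEEK_SET) != 0) return LOAD_EREAD;
    uint8_t *buf = malloc((size_t)sz + 1);       /* +1: NUL so text callers are safe */
    if (buf == NULL) return LOAD_ENOMEM;
    if (fread(buf, 1, (size_t)sz, f) != (size_t)sz) {
        free(buf);                               /* failure path releases what it took */
        return LOAD_EREAD;
    }
    buf[sz] = '\0';
    *out = buf;
    *out_len = (size_t)sz;
    return LOAD_OK;
}

/* Opens the file, reads it, and even checks fclose(): a failed close is a
   real error on some filesystems, and ignoring it is a classic review finding. */
int load_file(const char *path, uint8_t **out, size_t *out_len) {
    *out = NULL;
    *out_len = 0;
    FILE *f = fopen(path, "rb");
    if (f == NULL) return LOAD_EOPEN;
    int rc = read_all(f, out, out_len);
    if (fclose(f) != 0 && rc == LOAD_OK) {
        free(*out);
        *out = NULL;
        *out_len = 0;
        rc = LOAD_EREAD;
    }
    return rc;
}

int main(void) {
    uint8_t *data = NULL;
    size_t n = 0;
    /* Constructed path that does not exist: the checked loader reports it. */
    int rc = load_file("/nonexistent/constructed/dir/config.bin", &data, &n);
    printf("missing file -> rc=%d, data=%p\n", rc, (void *)data);
    return 0;
}
```

The reviewer's checklist for each call: is the return value inspected, is the failure reported to the caller rather than swallowed, and does every failure path undo what the function had already done.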