A secure code review is a specialized task involving manual and/or automated review of an application’s source code to identify security-related flaws.
A secure code review does not attempt to identify every issue in the code, but instead looks to provide insight into what types of problems exist and to help the developers of the application understand what classes of issues are present. The goal is to arm the developers with information to help them make the application’s source code more sound and secure.
The goal of a secure code review is to identify specific security-related flaws within the code that a malicious user could leverage to compromise the confidentiality, integrity, and availability of the application.