A secure code review is a specialized task involving manual and/or automated review of an application’s source code in an attempt to identify security-related flaws in the code.
A secure code review does not attempt to identify every issue in the code, but instead looks to provide insight into what types of problems exist and to help
the developers of the application understand what classes of issues are present. The goal is to arm the developers with information to help them make the
application’s source code more sound and secure.
The goal of a secure code review is to find and identify specific security-related flaws within the code that a malicious user could leverage to compromise confidentiality, integrity, and availability of the application.
Manual & Automated Secure Code Review:
A secure code review can be a manual or automated review, each with advantages and disadvantages. In a manual review, an analyst reviews the code line by line, looking for defects and security related flaws. An automated review uses a tool to scan the code and report potential flaws
Secure code review focuses on seven security areas :