Why Source Code Review?
Source code review, also known as Security Code Review is the process of auditing the source code for an application to verify that the proper security controls are present, that they work as intended, and that they have been invoked in all the right places. Code review is a way of ensuring that the application has been developed so as to be “self-defending” in its given environment.
There are vulnerabilities that may not be uncovered during the process of penetration testing, security code review is the best avenue to uncover those vulnerabilities. Some of these application vulnerabilities may be introduced by the application developer either knowingly or unknowingly, such as application “Easter Eggs”, Logic Bombs and even Backdoors.