Source code security analysis (source code review) is the examination of an application's source code to find errors overlooked in the initial development phase.
• Identify vulnerabilities, building on the information gathered.
• Assess the existence of code vulnerabilities or security misconfigurations by running automated tools, open source tools and custom scripts to determine whether the application code base contains any smelly code.
• Manual Security Testing: The senior development team then works to ensure the vulnerabilities are not false positives and verifies the majority of the vulnerabilities and security flaws.
• Result Analysis: Review the vulnerabilities found in the previous phase, and manually verify the identified vulnerabilities and eliminate false positives.
• Report identified vulnerabilities, including impact rating and recommended action to mitigate them.