Programmers often follow incorrect programming practices which lead to security flaws. Thus, it is important to perform code review to capture security loopholes.Source code review is the security audit of the code used for developing the web applications. It offers is useful for determining whether proper security controls have been implemented by the developers and at right places. Code Review helps the developers of the application to find the security issues and mitigate them. Secure code review helps to maintain a level of consistency in software design and implementation. Source code analysis not only identifies which statement on which line of code is vulnerable but is also able to identify the tainted variable that introduces the vulnerability. In this way it illustrates the propagation from root cause, to end result. This provides application developers with an end to end overview of each instance of vulnerability, allowing them to quickly understand the nature of the problem.
Code review is probably the single-most effective technique for identifying security flaws. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort.