Security code review is the process of auditing the source code for an application to verify that the proper security controls are present, that they work as intended, and that they have been invoked in all the right places.
Code review helps ensure that the application has been developed in such as way that it is capable of being “self-defending” in the environment it is meant for.
It helps assure secure application developers are adhering to secure development techniques.
A general rule of thumb is that a penetration test should not uncover any additional application vulnerabilities in the developed code once the application has undergone a proper security code review.
🔗Reference : stackoverflow.com
🔗Source: Interview Questions and Answers
🔗Reference: Javatpoint.com
