Secure Code Review Best Practices

Code review is an important part of the development process that helps identify defects in the quality of the software. A secure code review is a specific type of code review that evaluates the security of the software's source code. Activities that do not involve the source code itself (such as DAST tools and penetration tests) are not considered "secure code review."

Figure: Secure Code Review Cheat Sheet preview

Some of the steps in a secure code review can be assisted by automated tools, but many require a human reviewer's critical thinking and understanding of the real-world processes the code supports. In this post, we will explore the different things you should do during a secure code review, point out which of those things can be automated, and then summarize everything into a cheat sheet for you to reference when performing your own secure code reviews.
