We perform Code Reviews as part of our Whitebox Testing Model. Our reviews extensively cover the following 10 areas:

  1. Database Security
  2. File Management
  3. Input Validation
  4. Authentication and Password Management
  5. Session Management
  6. Access Control
  7. Cryptographic Practices
  8. Error Handling and Logging
  9. System Configuration
  10. Usage of passwords in source code