Code Review Introduction – OWASP
This document is not a “How to perform a Secure Code review” walkthrough but more a guide on how to perform a successful review. Knowing the mechanics of code inspection is half the battle but I’m afraid people is the other half.
A proper code review will not only identify vulnerabilities, but will assess which vulnerabilities are at the greatest risk for exploitation.
This document describes how to make the most of a secure code review.