Static code scanning is the process of analyzing source code to look for security vulnerabilities. It can be done manually or using automated tools. Static code scanning is a form of code review.


Steps in Code Review:

1. Gather information about the code - read through the code to understand what it is intended to do.
2. Check for errors and inconsistencies - look for mistakes in the code and for places where it contradicts itself.
3. Check for proper use of language and structure - confirm that the language is used correctly and that the code is well structured.
4. Check for logical consistency and correctness - verify that the logic holds together and that the code does what it is supposed to do.
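As an added illustration of what an automated static scanner does (this is example code written for this page, not code from the original article or from any of the products listed below), the script parses Python source into a syntax tree and flags call patterns that commonly lead to injection or unsafe deserialization. The rule set and the sample handler it scans are constructed for the demo.

```python
import ast
# subprocess entry points whose command string reaches a shell when shell=True
SHELL_CAPABLE = {"subprocess.run", "subprocess.Popen", "subprocess.call", "subprocess.check_output"}

def qualified_name(func):
    """Turn a callee expression into a dotted name such as 'subprocess.run'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = qualified_name(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""  # e.g. a call on a subscript or another call: not matched by these rules

class DangerousCallScanner(ast.NodeVisitor):
    """Walk the syntax tree and record (rule, line, detail) for risky call patterns."""
    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        name = qualified_name(node.func)
        kwargs = {kw.arg: kw.value for kw in node.keywords}
        shell = kwargs.get("shell")
        if name in ("eval", "exec"):
            self.findings.append(("dynamic-code-exec", node.lineno, f"{name}() evaluates runtime data"))
        elif name == "os.system" or (name in SHELL_CAPABLE and isinstance(shell, ast.Constant) and shell.value is True):
            self.findings.append(("shell-injection", node.lineno, f"{name} passes its command through a shell"))
        elif name == "yaml.load" and "Loader" not in kwargs:
            self.findings.append(("unsafe-deserialization", node.lineno, "yaml.load without an explicit Loader"))
        self.generic_visit(node)  # keep walking so nested calls are scanned too

def scan_source(source):
    """Parse one file's source and return findings ordered by line number."""
    scanner = DangerousCallScanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings, key=lambda f: f[1])

# Constructed sample input for the demo: a deliberately careless handler, not real project code.
SAMPLE = """import os, subprocess, yaml
def handler(user_input, path):
    result = eval(user_input)
    subprocess.run("ls " + path, shell=True)
    subprocess.run(["ls", path])
    cfg = yaml.load(open(path))
    os.system("rm -f " + path)
    return result, cfg
"""

for rule, line, detail in scan_source(SAMPLE):
    print(f"line {line}: [{rule}] {detail}")
```

A real scanner adds data-flow analysis on top of this pattern matching so that it can tell whether the argument actually originates from untrusted input; this example reports every match and so reflects why such tools produce findings that still need a human reviewer.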


Some of the most popular code review scanners include:

1. Checkmarx
2. Veracode
3. Whitehat Security
4. Appscan
5. Fortify
6. Arachni
7. Brakeman
8. Ratproxy
9. W3af
10. N-Stalker