Static code scanning is the process of analyzing source code for security vulnerabilities without running the program. It can be done manually or with automated tools (often called static application security testing, SAST), and is one form of security code review.
Steps in Code Review:
1. Gather information about the code - Read the code and understand what it does: the entry points, where untrusted input enters, the trust boundaries, and which components handle authentication, sessions, cryptography and data access.
2. Check for errors and inconsistencies - Look for mistakes such as missing input validation, unchecked return values, error handling that leaks details or fails open, and places where the code contradicts its comments or documentation.
3. Check for proper use of language and structure - Verify that language features and libraries are used safely: parameterized queries rather than string concatenation, safe deserialization, no hard-coded credentials, and no dangerous functions (eval, exec, shell invocation) fed with caller-controlled data.
4. Check for logical consistency and correctness - Confirm that security controls are applied the same way on every path: authorization is checked before each sensitive operation, validation cannot be bypassed, and the code enforces the rules the design describes.
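To show what an automated scanner does with step 3, here is a small static analyzer written for this page (it is an added example, not code from the original page or from any of the products listed). It parses Python source into an abstract syntax tree and flags a few patterns a reviewer would look for: calls to eval/exec/os.system, unsafe deserialization, subprocess calls with shell=True, and string literals assigned to secret-looking names. The rule names, the keyword list and the sample program it scans are all constructed for the example; a real SAST tool additionally tracks data flow from input sources to these sinks, which this toy does not.

```python
"""Toy static scanner: walk a Python AST and report a few risky patterns.

Added example for illustration only; rule names and thresholds are assumptions.
"""
import ast
from dataclasses import dataclass

# Sample program to scan, constructed for this example (not real project code).
SAMPLE = """\
import subprocess, pickle

API_KEY = "sk-live-0123456789abcdef"            # hard-coded secret

def run(cmd):
    return subprocess.run(cmd, shell=True)       # command passes through a shell

def load(blob):
    return pickle.loads(blob)                    # unsafe deserialization

def calc(expr):
    return eval(expr)                            # eval on caller data

def safe_run(args):
    return subprocess.run(args, shell=False)     # no finding expected
"""

# Callee name -> (rule id, explanation). Hypothetical rule set for the example.
DANGEROUS_CALLS = {
    "eval": ("eval-use", "eval() executes arbitrary code"),
    "exec": ("exec-use", "exec() executes arbitrary code"),
    "os.system": ("os-system", "os.system() always runs through a shell"),
    "pickle.loads": ("pickle-load", "unpickling untrusted data can execute code"),
    "pickle.load": ("pickle-load", "unpickling untrusted data can execute code"),
    "yaml.load": ("yaml-load", "yaml.load() without SafeLoader can build arbitrary objects"),
}
SUBPROCESS_CALLS = {"subprocess.run", "subprocess.call", "subprocess.check_output",
                    "subprocess.check_call", "subprocess.Popen"}
SECRET_WORDS = ("password", "passwd", "secret", "token", "api_key")


@dataclass
class Finding:
    rule: str
    line: int
    detail: str


def qualified_name(node):
    """Return 'pkg.attr' for Name/Attribute chains; None for anything else (e.g. f()())."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = qualified_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class RiskyPatternScanner(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def report(self, rule, node, detail):
        self.findings.append(Finding(rule, node.lineno, detail))

    def visit_Call(self, node):
        name = qualified_name(node.func)
        if name in DANGEROUS_CALLS:
            rule, detail = DANGEROUS_CALLS[name]
            self.report(rule, node, detail)
        elif name in SUBPROCESS_CALLS:
            # Only flag when shell=True is written as a literal; a variable would need data flow.
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.report("shell-true", node, f"{name}(..., shell=True) runs the command through a shell")
        self.generic_visit(node)   # keep descending: arguments may contain nested calls

    def visit_Assign(self, node):
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                if isinstance(target, ast.Name) and any(w in target.id.lower() for w in SECRET_WORDS):
                    self.report("hardcoded-secret", node, f"{target.id} is assigned a string literal")
        self.generic_visit(node)


def scan_source(source, filename="<string>"):
    """Parse `source` and return findings sorted by line number."""
    tree = ast.parse(source, filename=filename)
    scanner = RiskyPatternScanner()
    scanner.visit(tree)
    return sorted(scanner.findings, key=lambda f: f.line)


if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"{f.line:>4}  {f.rule:<17} {f.detail}")
```

Running it against SAMPLE reports four findings (lines 3, 6, 9 and 12) and nothing for safe_run. The hardcoded-secret rule is deliberately name-based and will produce false positives such as PASSWORD_PROMPT = "Enter password", which is exactly the kind of result a reviewer triages in step 4.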
Some of the most popular scanners used in code review include:
1. Checkmarx
2. Veracode
3. Whitehat Security
4. Appscan
5. Fortify
6. Arachni
7. Brakeman (Ruby on Rails applications)
8. Ratproxy
9. W3af
10. N-Stalker
Note that Arachni, Ratproxy, W3af and N-Stalker are dynamic web application scanners: they probe a running application rather than analyze its source code, so they complement static scanning instead of replacing it.