Source code review is one of the best ways to identify security flaws in an application, whether it is a web application or a mobile application. By performing a source code review, the application is put into a "self-defense" mode: its core, the source code itself, has been cleaned up to ensure that security measures are in place at the coding level.
Coupled with an automated and manual verification process, source code review findings can be optimized in terms of both signature-based detection and human effort. This ensures that no manual eyeballing is skipped and no blind spots are missed during the assessment, while the automated tools carry the latest signature releases of known vulnerabilities to cross-compare against the scanned source code.
For source code review, Firmus follows the OWASP methodology for secure coding, which gives great insight into the common coding errors made by developers and the ways to mitigate those errors.