A kind of white-box testing which is used for determining inconsistencies and errors that cannot be identified using black-box approaches and often results in disclosure of critical vulnerabilities. It consists of
Source code analysis – This testing can be done with the use of source code analyzer
Code review – This review is performed by the testing team to detect all the flaws that were missed after automatic analysis. Deeper investigation of risky code is also performed.