Page 1103 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Use of automated review tools to detect common application flaws before moving to production
FIGURE 15.9 Fagan inspections follow a rigid formal process, with defined entry and exit criteria that must be met before transitioning between stages.
Each organization should adopt a code review process that suits its business requirements and software development culture.
Static Testing
Static testing evaluates the security of software without running it by analyzing either the source code or the compiled application. Static analysis usually involves the use of automated tools designed to detect
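As an added illustration of the static-testing idea described above (this is example code, not from the study guide or any particular tool): a minimal checker that parses Python source into a syntax tree and walks it for two common flaw patterns. The rule set (`DANGEROUS_CALLS`, `SECRET_NAMES`) and the `SAMPLE` program are constructed for this example; the point is that the analyzed program is inspected but never executed.

```python
"""Minimal static analyzer: inspects Python source without executing it."""
import ast
from dataclasses import dataclass

# Hypothetical rule set: call targets and variable names a static tool might flag.
DANGEROUS_CALLS = {"eval", "exec", "os.system", "pickle.loads", "yaml.load"}
SECRET_NAMES = ("password", "secret", "api_key", "token")


@dataclass
class Finding:
    line: int
    rule: str
    detail: str


def _call_name(node: ast.Call) -> str:
    """Return a dotted name for the called function, e.g. 'os.system'."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return ""


def analyze(source: str) -> list[Finding]:
    """Parse the source into an AST and walk it; the code under review never runs."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _call_name(node) in DANGEROUS_CALLS:
            findings.append(Finding(node.lineno, "dangerous-call", _call_name(node)))
        elif isinstance(node, ast.Assign):
            for target in node.targets:
                # Flag string literals assigned to names that look like credentials.
                if (isinstance(target, ast.Name)
                        and any(s in target.id.lower() for s in SECRET_NAMES)
                        and isinstance(node.value, ast.Constant)
                        and isinstance(node.value.value, str)):
                    findings.append(Finding(node.lineno, "hardcoded-secret", target.id))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample under review; its last line would write a file if it were ever run.
SAMPLE = '''\
import os
DB_PASSWORD = "hunter2"
def run(cmd):
    os.system(cmd)
open("/tmp/static-analysis-ran", "w").write("executed")
'''

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"line {f.line}: {f.rule} ({f.detail})")
```

Running it reports the hardcoded credential on line 2 and the shell call on line 4, while the file on line 5 is never created, which is exactly the property that distinguishes static from dynamic testing.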

