Source Code Analysis steps:
Application logic discovery – analysis of the application's logic and identification of potentially vulnerable places.
Source code analysis – discovery of vulnerabilities in the application's source code.
Risk assessment – assessment of the potential damage of every discovered vulnerability.
Fixing vulnerabilities – preparing ready-made patches or developing recommendations for eliminating the vulnerabilities.
Creating a detailed report.
List of attack classes which should be checked:
XSS (Cross Site Scripting)
Weak Password Recovery Validation
Shell Command Execution
Predictable Resource Location
Abuse of Functionality