Comprehensive secure code review analysis of web application security vulnerabilities
Abstract
A secure code review is a software development process that involves the systematic examination of application code. However, the evolving cyber threats facing web applications make it challenging to conduct adequate security reviews. Therefore, this paper conducts a comprehensive secure code review analysis to protect the crucial aspects of web security from potential threats and vulnerabilities. The application code is scanned for security issues during the review, and the results are classified according to the area of vulnerability. As a result, the risk level of the application code and a list of risk categories were defined. This result assists in prioritizing issues for resolution, beginning with the most critical problems and proceeding to lower risk levels. Next, the list of risk categories that give rise to the most significant security vulnerabilities affecting application code is defined. SQL injection, weak password handling, insecure direct object reference, information exposure, improper session management, missing input validation, deprecated functions, and lack of comments are defined as risk categories. Moreover, the weakness of the application code's security is determined based on the risk level and categories. Thus, the analysis result offers developers a clear perspective on protecting web applications from threats and vulnerabilities.
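To make the review-and-classify workflow in the abstract concrete, here is an added, self-contained example (not the paper's tool) that scans a constructed code sample with a small set of assumed pattern rules, tags each hit with one of the abstract's risk categories, derives an overall risk level from the most severe finding, and orders findings so the most critical are resolved first. The rule patterns, severities, and the sample code are all assumptions constructed for illustration and cover only a subset of the categories.

```python
import re
from collections import Counter

# Constructed, illustrative rules: (risk category from the abstract, severity, pattern).
# Patterns and severities are assumptions for this example, not the paper's scheme.
RULES = [
    ("SQL injection", "critical", re.compile(r'execute\(\s*(f"|".*%|.*\+)')),
    ("weak password handling", "high", re.compile(r'\b(md5|sha1)\(')),
    ("insecure direct object reference", "high", re.compile(r'request\.args\[.*id.*\]')),
    ("information exposure", "medium", re.compile(r'print\(.*(password|secret|traceback)', re.I)),
    ("improper session management", "medium", re.compile(r'session\[.*\]\s*=\s*request')),
    ("deprecated functions", "low", re.compile(r'\b(os\.popen|cgi\.escape)\(')),
]
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

def review(source: str):
    """Return findings as (line_no, category, severity), most critical first."""
    lines = source.splitlines()
    findings = []
    for n, line in enumerate(lines, 1):
        for category, severity, pat in RULES:
            if pat.search(line):
                findings.append((n, category, severity))
    # A block with no comment lines at all is flagged as "lack of comments" (line 0).
    if not any(l.strip().startswith("#") for l in lines):
        findings.append((0, "lack of comments", "low"))
    return sorted(findings, key=lambda f: -SEVERITY_RANK[f[2]])

def risk_level(findings):
    """Overall code risk level = the highest severity present; 'none' if clean."""
    return max((f[2] for f in findings), key=SEVERITY_RANK.get, default="none")

def category_counts(findings):
    """Number of findings per risk category, for the per-category summary."""
    return Counter(f[1] for f in findings)

# Constructed sample under review (deliberately weak, for the demonstration only).
SAMPLE = '''
def login(request, db):
    user = request.args["user"]
    cur = db.execute("SELECT * FROM users WHERE name = '" + user + "'")
    digest = md5(request.args["password"].encode()).hexdigest()
    session["user"] = request.args["user"]
    print("debug password", digest)
    row = db.execute("SELECT * FROM docs WHERE id = " + request.args["doc_id"])
    return row
'''

if __name__ == "__main__":
    found = review(SAMPLE)
    print("risk level:", risk_level(found))
    for line_no, category, severity in found:
        print(f"line {line_no:>2}  {severity:<8} {category}")
```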
Keywords
Cyber threat; Risk; Secure code; Security; Vulnerabilities; Web application
Full Text: PDF
DOI: http://doi.org/10.11591/ijeecs.v39.i3.pp1807-1814
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Indonesian Journal of Electrical Engineering and Computer Science (IJEECS)
p-ISSN: 2502-4752, e-ISSN: 2502-4760
This journal is published by the Institute of Advanced Engineering and Science (IAES).