Tuesday, September 28, 2010

Source Code Assessment Strategies

Must be an ideal thought day, even though I'm doing billable work :-)

When reviewing source code, I find I use these three strategies / heuristics:
  • Breadth-first, shallow depth
  • Depth-first, based on information / judgment
  • Hill-climbing, using general security categories as neighbors
Breadth-first is used to get a feel for the application as a whole: skim every area at shallow depth to learn the layout, the frameworks in use and where input enters, without stopping to chase anything. If something about an area smells wrong, a depth-first pass into that area follows once the breadth-first pass is complete.

Business drivers (what the application actually has to protect) and common application patterns (authentication, session handling, data access and the like) drive further depth-first passes. Once these are exhausted, the remaining security categories are picked and followed, almost like a stochastic hill-climbing strategy: start from the category that has produced the most findings so far and move to neighbouring categories while findings keep coming.

Usually by this time project time is running out and the write-up of the findings begins.
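As an added illustration (not code from the original post), the three strategies expressed as a small Python triage script run over a constructed toy source tree: a breadth-first pass that reads only the head of every file and tallies smells per directory, a depth-first pass that reads the smelliest directory in full with line numbers and context, and a category ranking that chooses the next security category to follow. The sample tree, the category names and the regex patterns are all assumptions made for this example, and a deterministic ranking stands in for the stochastic choice the post describes.

```python
import re
from collections import Counter, defaultdict, deque

# Constructed sample source tree (path -> contents); a toy, not a real project.
SAMPLE_REPO = {
    "README.md": "# demo\n",
    "app/__init__.py": "from .views import search, ping, calc\n",
    "app/views.py": (
        "import subprocess\n"
        "from .db import query\n"
        "\n"
        "def search(request):\n"
        "    term = request.args['q']\n"
        "    return query(\"SELECT * FROM items WHERE name = '%s'\" % term)\n"
        "\n"
        "def ping(request):\n"
        "    host = request.args['host']\n"
        "    return subprocess.check_output('ping -c1 ' + host, shell=True)\n"
        "\n"
        "def calc(request):\n"
        "    return eval(request.args['expr'])\n"  # line 13: beyond the shallow window
    ),
    "app/auth.py": (
        "import hashlib\n"
        "\n"
        "def check(user, password):\n"
        "    return user.pw_hash == hashlib.md5(password.encode()).hexdigest()\n"
    ),
    "lib/util.py": (
        "import os\n"
        "\n"
        "def read_asset(name):\n"
        "    return open(os.path.join('assets', name)).read()\n"
    ),
    "tests/test_util.py": "def test_nothing():\n    assert True\n",
}

# Security categories used as the "neighbours" of the hill-climb, each with a few
# cheap smell patterns (hypothetical starter set, not an exhaustive rule base).
CATEGORIES = {
    "injection": [r"^\s*import\s+subprocess\b", r"\bshell\s*=\s*True\b", r"\beval\(",
                  r"\b(SELECT|INSERT|UPDATE|DELETE)\b.*['\"]\s*[%+]"],
    "crypto": [r"\bmd5\b", r"\bsha1\b", r"\brandom\.random\("],
    "file": [r"\bopen\(", r"os\.path\.join\("],
    "auth": [r"\bpassword\b", r"\bis_admin\b", r"\bsecret\b"],
}


def scan_lines(lines):
    """Yield (lineno, category) for every line that matches a category pattern."""
    for lineno, line in enumerate(lines, 1):
        for cat, patterns in CATEGORIES.items():
            if any(re.search(p, line) for p in patterns):
                yield lineno, cat


def _dir_of(path):
    return path.rsplit("/", 1)[0] if "/" in path else ""


def breadth_first(repo, shallow_lines=10):
    """Breadth-first, shallow depth: visit directories level by level, reading only
    the first shallow_lines of each file (imports and top-level declarations).
    Returns [(directory, Counter of category hits)] in visit order."""
    children, files_in = defaultdict(set), defaultdict(list)
    for path in repo:
        files_in[_dir_of(path)].append(path)
        parts = path.split("/")
        for i in range(1, len(parts)):
            children["/".join(parts[:i - 1])].add("/".join(parts[:i]))
    order, queue = [], deque([""])
    while queue:
        d = queue.popleft()
        counts = Counter()
        for path in sorted(files_in[d]):
            for _, cat in scan_lines(repo[path].splitlines()[:shallow_lines]):
                counts[cat] += 1
        order.append((d, counts))
        queue.extend(sorted(children[d]))
    return order


def smelliest(order):
    """Directory with the most shallow hits; ties go to the one visited first."""
    return max(order, key=lambda item: sum(item[1].values()))[0]


def depth_first(repo, directory, context=1):
    """Depth-first on one area: read every file under directory in full and return
    each hit with its line number and surrounding lines."""
    prefix = directory + "/" if directory else ""
    findings = []
    for path in sorted(p for p in repo if p.startswith(prefix)):
        lines = repo[path].splitlines()
        for lineno, cat in scan_lines(lines):
            lo, hi = max(0, lineno - 1 - context), min(len(lines), lineno + context)
            findings.append({"file": path, "line": lineno, "category": cat,
                             "snippet": lines[lo:hi]})
    return findings


def next_categories(order, explored):
    """Hill-climbing over category neighbours: rank the categories not yet followed
    by their total shallow hits, so the review moves to the most promising one next."""
    totals = Counter()
    for _, counts in order:
        totals.update(counts)
    ranked = [c for c, _ in totals.most_common() if c not in explored]
    return ranked + [c for c in CATEGORIES if c not in explored and c not in totals]


if __name__ == "__main__":
    order = breadth_first(SAMPLE_REPO)
    for d, counts in order:
        print(f"{d or '.'}: {dict(counts)}")
    target = smelliest(order)
    for f in depth_first(SAMPLE_REPO, target):
        print(f"{f['file']}:{f['line']} [{f['category']}] {f['snippet']}")
    print("follow next:", next_categories(order, {"injection"}))
```

The point is the order of attention, not the regexes: the shallow pass deliberately misses the `eval` on line 13 of `app/views.py` and still ranks `app` as the area to dig into, the depth-first pass then finds it, and the category ranking says where to go once the obvious area is done.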

What do you use?
