Involves reviewing the source code of an application for vulnerabilities, vulnerabilities, and security weaknesses.