Which secure software development practice involves reviewing code to identify security flaws before deployment?