Also called whitebox testing. We review the source code of the application to identify possible security holes before than the production deploy.
Usually, in applications that have hundreds of options and possibilities, a blackbox test covering the 100% of it, is more expensive.
If you have the source code for review of safety items, many of the vulnerabilities can be fixed in the same code. However the best results are always obtained from a combination of code review and blackbox testing.