Recently I was reviewing an application's code (it was outsourced to a freelancer) and found that the code was bypassing credential validation for "xyz". Though the application was small and was not revealing any confidential data, I am just wondering whether there is any guideline or systematic way to find these types of glitches, especially when the application is quite big.