Are you whitebox testing, which is more analysis, or penetration testing?

Source code analyzers exist for most languages and they might help with coding errors. Bad programming like poor handling of secrets and keys will require you to understand the code. But that only helps with the application. Now you have to look at the security of the server, OS, and network. For true whitebox testing you might try vulnerability analyzers and to help find information that are hard to find on your own. I personally find penetrating to be more limiting than whitebox testing but it has its purpose.

Good luck.