The value of code reviews

Posted by: Andrew Jefferies

Tagged in: vulnerability , security , code , assessment

It is an unfortunate fact that most application developers are not well versed in application security. Combined with tight deadlines and loose development methodologies, this means that your code probably has some security issues. This is why you should be doing code reviews.

Code reviews can take the form of third-party review or internal peer review. In peer review, the developers check each other's work as a team. This is a great way to cut down on common mistakes and poor implementation decisions. Every organization that does development should include peer review in its process.

This, however, is not the entire answer. Security in general, and secure coding specifically, is a specialization that should ideally be performed by someone with training or experience in the area.

When most people (developers) test applications, they test for the specific functionality requirements. They try to use the application the way it is intended to be used. In a security assessment, it is most important to think about the ways the application wasn't intended to be used. The same holds for code reviews: it is just as important to understand how an algorithm, input or output isn't supposed to work as it is to understand how it is supposed to work.

The CWE/SANS TOP 25 Most Dangerous Programming Errors list shows a good sample of the types of things that are commonly found in code assessments.
