

Security Code Review with Static Analysis Techniques for the Detection and Remediation of Security Vulnerabilities
Author:
Thomas, Tyler William, author.
ISBN:
9780438010642
Physical Description:
1 electronic resource (203 pages)
General Note:
Source: Dissertation Abstracts International, Volume: 79-10(E), Section: B.
Advisors: Heather Lipford.
Committee members: Shenen Chen; Bill Chu; Mohamed Shehab; Weichao Wang.
Abstract:
Security problems are both a large and growing concern today. Many security breaches are the result of security vulnerabilities introduced during the code construction phase. These vulnerabilities sometimes occur due to poor security training of the developer, and sometimes they are simply created by accident. Static analysis, examination of the application source code with a specialty tool, is the current solution to this problem. Unfortunately, this process produces an extremely large number of false positives. It also cannot detect application-specific issues without custom rules for each application. Consequently, these tools are often used only by security experts or abandoned entirely. In this dissertation, I conduct an interview study of application security experts to gain an understanding of their workflows and the organizational, technical, and communication challenges they face today. From these findings, I introduce tool-assisted security code review fed by interactive static analysis and interactive annotation as a solution to detect and remediate greater numbers of vulnerabilities. In this dissertation, I also explore the process, warnings, and collaboration between the various roles of users for this type of tool. Lastly, I provide a set of design guidelines for security code review tools.
Local Note:
School code: 0694
Available:*
| Shelf Number | Item Barcode | Shelf Location | Status |
|---|---|---|---|
| XX(681861.1) | 681861-1001 | Proquest E-Thesis Collection | Searching... |


