Our Web Application Penetration Testing (WAPT) focuses on the thorough security assessment of a web application. The process involves an active analysis of the application to identify any weaknesses, technical flaws and vulnerabilities, analyzing various areas such as distribution configuration management, identity management, authentication, authorization, session management, input validation, error handling, encryption, application logic, and the client side. We try to identify and exploit all the vulnerabilities of the customer’s web application by showing the attack surface, performing over 66 security checks according to the international OWASP standard with a best-effort approach.