An organisation usually has various web applications running, such as the corporate website, customer portals and internal systems. Each web application serves a different purpose and is designed differently. Ensuring that all web applications are secure is not an easy task to complete and maintain on a periodic basis.
However, it is important that the web applications are tested thoroughly to ensure that there are no weak points for an attacker to exploit. Usually, there will be one or more insecure web applications running. The vulnerabilities in a web application can include a lack of input validation, SQL injection and/or unencrypted communications. An attacker can exploit one or more of these vulnerabilities to gain access to the web application and potentially traverse the internal organisational network.