A newly developed internal web application is about to be rolled out to employees, and you want confidence that it does not have obvious, preventable security weaknesses before adoption expands.
How would you test a newly developed internal web application for common security flaws?
