Web Application Penetration Testing is the procedure which uses penetration testing methods on a web app to find vulnerabilities. The process uses either manual or automated tests to spot any vulnerability, security issues, or threats to web applications. Using any of the known malicious attacks, the tester shows and mimics attacks from the attacker’s point of view — such as using SQL injection testing.