WithYouWithMe interview question

How do you perform a penetration test on a web application?