Web application penetration test of two SharePoint based and one Ruby on Rails based applications with a focus on access control