Penetration test and partial code review of a client application