Application security audit and red teaming of a finance portal