Penetration test of an intranet web application for internal workers. The focus was on authentication, authorisation and general OWASP top 10 vulnerabilities.