Web application penetration test of a lottery and re-test of known risks