Web application penetration tests of a customer portal and the user administration by the back office as well as verification if the applications and infrastructure comply with internal security regulations