Audit of an internal web application including code review for Log4j vulnerabilities