Penetration test and partial code review of an XML web interface