Basics on Web App Pen Testing