ADACOM S.A. successfully completed a web application security assessment for one of the largest private Banks in Serbia. The scope of the assessment included a strong authentication internet application offering services to the Bank’s clients. During the testing period, a number of different scenarios were performed, examining the security level of the authentication mechanisms protecting the web application and the corresponding services. ADACOM team discovered a series of vulnerabilities that could be potentially exploited and proposed a wide variety of mitigation actions to the Bank, in order to eliminate the aforementioned vulnerabilities and strengthen the overall web application security level. After the Bank has completed the mitigation actions, ADACOM retested the web application and documented the timeline of findings and the associated corrective actions.