Today, the majority of business processess and communications take place over the Internet, thanks to web applications, which are the product of several programming techniques and tools. The aforementioned techniques and tools are extremely fast to develop and upgrade, but from the security and safety point of view this is not necessarily always good. The problem, which arises is that many companies spend large amounts of budget only on development, and not enough money is left for safety and security testing. Safety and security checks are usually done right at the end when the product is ready to be delivered to the customer. While this approach is better than not having a security check, the best practice is for developers to be aware of the vulnerabilities of the system they are developing and to take this into account when developing and implementing it. Information security deals with these aspects. In general, information security means the protection of information systems and data against unauthorized access, disclosure, alteration or destruction. In my diploma thesis I will focus on penetration testing and description of vulnerabilities of web applications and tools that I will use to reveal these vulnerabilities. This way the reader will be introduced to penetration testing of web applications.