Web application penetration testing specifically targets websites and web-based applications, probing for vulnerabilities like Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF). It scrutinizes the behavior of the web app under simulated attacks, evaluating factors such as input validation, session management, and error handling.