Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications