Web App Pentesting
SQL Injection
NoSQL injection
OS command injection
XXE Injection
Authentication
Access Control
Path Traversal
File Upload Vulnerabilities
Information Disclosure
Business logic vulnerabilities
Server-side request forgery (SSRF)
Cross-Site Scripting (XSS)
Cross-site request forgery (CSRF)
Cross-origin resource sharing (CORS)
Clickjacking
WebSockets
