Recon
Access Control
Open Redirect
LFI
OS Command injection
Clickjacking
SSRF
CSRF
CORS
DOM-based vulnerabilities
Cache Poisoning
Dorks
automate vuln
2FA