Status_Code_Bypass Tips

403 Mindmap

https://pbs.twimg.com/media/EWmW9-tWkAA4vLs?format=jpg&name=900x900

Source

Few Twitter Tips

https://pbs.twimg.com/media/EheFZJvVgAEuzZ1?format=png&name=small

Few More Twitter Tips


Author