SQL Injection
Price Manipulation
Race Condition
HTTP Parameter Pollution
CRLF injection
Cookie Stealing
Server Hijack
Server Access
Website Admin Takeover
Cookie Manipulation Attacks
XXE Injection
Authentication Bypass Attacks
Brute Force/Rate Limit Attacks
Sensitive Information Leakage
Application logic flaws
Forced browsing
Access and authentication controls
Session management
Session Fixation Attacks
Cookie manipulation
Horizontal escalation
Vertical escalation
Brute-force password guessing
Poor server configuration
Information leakage
Source code disclosure
Response splitting
File upload/download attacks
Parameter tampering
URL manipulation
Injection attacks for HTML, SQL, XML, SOAP, XPATH, LDAP
Fuzzing
Manual tests