• Cross-origin resource sharing (CORS)
• Authentication vulnerabilities
• Cross-site request forgery (CSRF)
• WebSockets vulnerabilities
• API testing
• GraphQL API vulnerabilities
• NoSQL injection
• SQL injection
• Path traversal
• File upload vulnerabilities
• Web cache deception
• Prototype pollution
• Server-side request forgery (SSRF) attacks
• Server-side vulnerabilities
• Race conditions
• Web LLM attacks
• Clickjacking (UI redressing)

Cheatsheets

SQL injection -- LINK