Web Application

Path Traversal (LFI - RFI)
Injection
Code Injection
File Upload
Access Control
Session Management
Authentication
XXE
CMS

API