Beyond the Top Ten or Top 25

The OWASP top ten is a general list of major vulnerabilities found in web applications and it serves as a starting point for understanding most of them, however as a bug hunter you must be aware of what is happening beyond this list and which issues are being discovered, especially new forms of attack or even very old ones. Another famous list is the Sans to 25

Research and Google search

By visiting and becoming part of the bug bounty programs, it is possible to check what other hackers have found and what kind of vulnerabilities are being discovered on these major websites. It seems to be a trend where hackers will focus on one of these vulnerabilities and will find some of the same on different websites

Examples

• Homograph attacks
• XXE attacks
• XML injections