improve checklist

Author: carlospolop

src/pentesting-web/web-vulnerabilities-methodology.md

@@ -12,7 +12,10 @@ In every Web Pentest, there are **several hidden and obvious places that might b
 
 - [ ] [**Abusing hop-by-hop headers**](abusing-hop-by-hop-headers.md)
 - [ ] [**Cache Poisoning/Cache Deception**](cache-deception/index.html)
+- [ ] [**HTTP Connection Contamination**](http-connection-contamination.md)
+- [ ] [**HTTP Connection Request Smuggling**](http-connection-request-smuggling.md)
 - [ ] [**HTTP Request Smuggling**](http-request-smuggling/)
+- [ ] [**HTTP Response Smuggling / Desync**](http-response-smuggling-desync.md)
 - [ ] [**H2C Smuggling**](h2c-smuggling.md)
 - [ ] [**Server Side Inclusion/Edge Side Inclusion**](server-side-inclusion-edge-side-inclusion-injection.md)
 - [ ] [**Uncovering Cloudflare**](../network-services-pentesting/pentesting-web/uncovering-cloudflare.md)
@@ -29,6 +32,7 @@ In every Web Pentest, there are **several hidden and obvious places that might b
 
 If the introduced data may somehow be reflected in the response, the page might be vulnerable to several issues.
 
+- [ ] [**Client Side Path Traversal**](client-side-path-traversal.md)
 - [ ] [**Client Side Template Injection**](client-side-template-injection-csti.md)
 - [ ] [**Command Injection**](command-injection.md)
 - [ ] [**CRLF**](crlf-0d-0a.md)
@@ -61,6 +65,8 @@ If the functionality may be used to search some kind of data inside the backend,
 - [ ] [**LDAP Injection**](ldap-injection.md)
 - [ ] [**ReDoS**](regular-expression-denial-of-service-redos.md)
 - [ ] [**SQL Injection**](sql-injection/index.html)
+- [ ] [**ORM Injection**](orm-injection.md)
+- [ ] [**RSQL Injection**](rsql-injection.md)
 - [ ] [**XPATH Injection**](xpath-injection.md)
 
 ### **Forms, WebSockets and PostMsgs**
@@ -69,13 +75,15 @@ When a websocket posts a message or a form allowing users to perform actions vul
 
 - [ ] [**Cross Site Request Forgery**](csrf-cross-site-request-forgery.md)
 - [ ] [**Cross-site WebSocket hijacking (CSWSH)**](websocket-attacks.md)
+- [ ] [**Phone Number Injections**](phone-number-injections.md)
 - [ ] [**PostMessage Vulnerabilities**](postmessage-vulnerabilities/index.html)
 
 ### **HTTP Headers**
 
 Depending on the HTTP headers given by the web server some vulnerabilities might be present.
 
 - [ ] [**Clickjacking**](clickjacking.md)
+- [ ] [**Iframe Traps / Click Isolation**](iframe-traps.md)
 - [ ] [**Content Security Policy bypass**](content-security-policy-csp-bypass/index.html)
 - [ ] [**Cookies Hacking**](hacking-with-cookies/index.html)
 - [ ] [**CORS - Misconfigurations & Bypass**](cors-bypass.md)
@@ -87,6 +95,7 @@ There are several specific functionalities where some workarounds might be usefu
 - [ ] [**2FA/OTP Bypass**](2fa-bypass.md)
 - [ ] [**Bypass Payment Process**](bypass-payment-process.md)
 - [ ] [**Captcha Bypass**](captcha-bypass.md)
+- [ ] [**Account Takeover Playbooks**](account-takeover.md)
 - [ ] [**Login Bypass**](login-bypass/index.html)
 - [ ] [**Race Condition**](race-condition.md)
 - [ ] [**Rate Limit Bypass**](rate-limit-bypass.md)
@@ -101,6 +110,7 @@ Some **specific functionalities** may be also vulnerable if a **specific format
 - [ ] [**Deserialization**](deserialization/index.html)
 - [ ] [**Email Header Injection**](email-injections.md)
 - [ ] [**JWT Vulnerabilities**](hacking-jwt-json-web-tokens.md)
+- [ ] [**JSON / XML / YAML Hacking**](json-xml-yaml-hacking.md)
 - [ ] [**XML External Entity**](xxe-xee-xml-external-entity.md)
 - [ ] [**GraphQL Attacks**](../network-services-pentesting/pentesting-web/graphql.md)
 - [ ] [**gRPC-Web Attacks**](grpc-web-pentest.md)
@@ -131,5 +141,74 @@ These vulnerabilities might help to exploit other vulnerabilities.
 - [ ] [**Parameter Pollution**](parameter-pollution.md)
 - [ ] [**Unicode Normalization vulnerability**](unicode-injection/index.html)
 
+### **Web Servers & Middleware**
+
+Misconfigurations in the edge stack often unlock more impactful bugs in the application layer.
+
+- [ ] [**Apache**](../network-services-pentesting/pentesting-web/apache.md)
+- [ ] [**Nginx**](../network-services-pentesting/pentesting-web/nginx.md)
+- [ ] [**IIS**](../network-services-pentesting/pentesting-web/iis-internet-information-services.md)
+- [ ] [**Tomcat**](../network-services-pentesting/pentesting-web/tomcat/)
+- [ ] [**Spring Actuators**](../network-services-pentesting/pentesting-web/spring-actuators.md)
+- [ ] [**PUT Method / WebDAV**](../network-services-pentesting/pentesting-web/put-method-webdav.md)
+- [ ] [**Special HTTP Headers**](../network-services-pentesting/pentesting-web/special-http-headers.md)
+- [ ] [**WSGI Deployment**](../network-services-pentesting/pentesting-web/wsgi.md)
+- [ ] [**Werkzeug Debug Exposure**](../network-services-pentesting/pentesting-web/werkzeug.md)
+
+### **Application Frameworks & Stacks**
+
+Framework-specific primitives frequently expose gadgets, dangerous defaults, or framework-owned endpoints.
+
+- [ ] [**Django**](../network-services-pentesting/pentesting-web/django.md)
+- [ ] [**Flask**](../network-services-pentesting/pentesting-web/flask.md)
+- [ ] [**NodeJS / Express**](../network-services-pentesting/pentesting-web/nodejs-express.md)
+- [ ] [**Angular**](../network-services-pentesting/pentesting-web/angular.md)
+- [ ] [**Vue / Nuxt**](../network-services-pentesting/pentesting-web/vuejs.md)
+- [ ] [**Next.js**](../network-services-pentesting/pentesting-web/nextjs.md)
+- [ ] [**Laravel**](../network-services-pentesting/pentesting-web/laravel.md)
+- [ ] [**Symfony**](../network-services-pentesting/pentesting-web/symphony.md)
+
+### **CMS, SaaS & Managed Platforms**
+
+High-surface products often ship with known exploits, weak plugins, or privileged admin endpoints.
+
+- [ ] [**WordPress**](../network-services-pentesting/pentesting-web/wordpress.md)
+- [ ] [**Joomla**](../network-services-pentesting/pentesting-web/joomla.md)
+- [ ] [**Drupal**](../network-services-pentesting/pentesting-web/drupal/)
+- [ ] [**Moodle**](../network-services-pentesting/pentesting-web/moodle.md)
+- [ ] [**Prestashop**](../network-services-pentesting/pentesting-web/prestashop.md)
+- [ ] [**Atlassian Jira**](../network-services-pentesting/pentesting-web/jira.md)
+- [ ] [**Grafana**](../network-services-pentesting/pentesting-web/grafana.md)
+- [ ] [**Rocket.Chat**](../network-services-pentesting/pentesting-web/rocket-chat.md)
+- [ ] [**Zabbix**](../network-services-pentesting/pentesting-web/zabbix.md)
+- [ ] [**Microsoft SharePoint**](../network-services-pentesting/pentesting-web/microsoft-sharepoint.md)
+- [ ] [**Sitecore**](../network-services-pentesting/pentesting-web/sitecore/)
+
+### **APIs, Buckets & Integrations**
+
+Server-side helpers and third-party integrations can expose file parsing or storage-layer weaknesses.
+
+- [ ] [**Web API Pentesting**](../network-services-pentesting/pentesting-web/web-api-pentesting.md)
+- [ ] [**Storage Buckets & Firebase**](../network-services-pentesting/pentesting-web/buckets/)
+- [ ] [**Imagemagick Security**](../network-services-pentesting/pentesting-web/imagemagick-security.md)
+- [ ] [**Artifactory & Package Registries**](../network-services-pentesting/pentesting-web/artifactory-hacking-guide.md)
+- [ ] [**Code Review Tooling**](../network-services-pentesting/pentesting-web/code-review-tools.md)
+
+### **Supply Chain & Identifier Abuse**
+
+Attacks that target build pipelines or predictable identifiers can become the initial foothold before exploiting traditional bugs.
+
+- [ ] [**Dependency Confusion**](dependency-confusion.md)
+- [ ] [**Timing Attacks**](timing-attacks.md)
+- [ ] [**UUID Insecurities**](uuid-insecurities.md)
+
+### **Web3, Extensions & Tooling**
+
+Modern applications extend into browsers, wallets, and automation pipelines—keep these vectors in scope.
+
+- [ ] [**dApps / Decentralized Applications**](dapps-DecentralizedApplications.md)
+- [ ] [**Browser Extension Pentesting**](browser-extension-pentesting-methodology/)
+- [ ] [**wfuzz Web Fuzzing**](web-tool-wfuzz.md)
+
 
 {{#include ../banners/hacktricks-training.md}}