Reconnaissance
Testing input validation
Server issues
Testing authentication
Testing session management
Testing business logic
Cache attacks
Others
OAuth2