Portswigger's Web Academy solutions writeup for your reference to learn manual Web Application Penetration Testing
- Server-side Vulnerabilities
- Path Traversal
- API Pentest
- SSRF
- CSRF
- File Upload Vulnerabilities
- Clickjacking
- Web Cache Deception
- Prototype Pollution
- SQL Injection
- CORS Vulnerabilities
- Race Conditions