Web security testing guide based on OWASP methodology, covering the most important tests for each Top 10 category.
# Recon: whatweb + gobuster + robots.txt
# Auth: hydra brute force + default creds
# IDOR: change IDs in requests
# SQLi: ' OR '1'='1 → sqlmap
# XSS: <script>alert(1)</script>
# CSRF: form without token → PoC
# Headers: curl -I + securityheaders.com
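
The header check in the last item, as an added example that is not part of the original guide: a shell function that reads `curl -sI` (or `curl -sIL`) output on stdin and lists the security headers absent from the final response. The header list and the function names are assumptions; the guide itself names only `curl -I` and securityheaders.com.

```shell
#!/bin/sh
# Added example: audit `curl -sI` / `curl -sIL` output for missing security
# headers. The list below is an assumption (the guide does not enumerate
# headers); adjust it to your own baseline.
REQUIRED_HEADERS="strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy"

# final_block: with -L, curl prints one header block per redirect hop.
# Only the last block describes the page the browser actually renders,
# so discard everything before the last "HTTP/..." status line.
final_block() {
    tr -d '\r' | awk '/^HTTP\// { buf = "" } { buf = buf $0 "\n" } END { printf "%s", buf }'
}

# missing_headers: prints one missing header name per line (lowercase).
# Header names are case-insensitive, so compare in lowercase.
missing_headers() {
    present=$(final_block | sed -n 's/^\([A-Za-z0-9-]*\):.*/\1/p' | tr 'A-Z' 'a-z')
    for h in $REQUIRED_HEADERS; do
        if ! printf '%s\n' "$present" | grep -qx "$h"; then
            printf '%s\n' "$h"
        fi
    done
}

# Constructed sample (not captured from a real site): a redirect hop that
# sets HSTS, followed by a final response that does not.
sample_response() {
    printf 'HTTP/1.1 301 Moved Permanently\r\n'
    printf 'Strict-Transport-Security: max-age=31536000\r\n'
    printf 'Location: https://example.com/\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Content-Type: text/html\r\n'
    printf 'X-Frame-Options: DENY\r\n'
    printf 'x-content-type-options: nosniff\r\n\r\n'
}

# Real use: curl -sIL https://example.com | missing_headers
sample_response | missing_headers
```

A header that appears only on a redirect hop is reported as missing, because it does not protect the final response.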