Physical attacks
Mobile Apps Pentesting

Other Web Tricks

Host header

Several times the back-end trust the Host header to perform some actions. For example, it could use its value as the domain to send a password reset. So when you receive an email with a link to reset your password, the domain being used is the one you put in the Host header.Then, you can request the password reset of other users and change the domain to one controlled by you to steal their password reset codes. WriteUp.

Session booleans

Some times when you complete some verification correctly the back-end will just add a boolean with the value "True" to a security attribute your session. Then, a different endpoint will know if you successfully passed that check. However, if you pass the check and your sessions is granted that "True" value in the security attribute, you can try to access other resources that depends on the same attribute but that you shouldn't have permissions to access. WriteUp.

Register functionality

Try to register as an already existent user. Try also using equivalent characters (dots, lots of spaces and Unicode).