Cool 10,000-foot overview of web application vulnerability assessment. Clearly written and concise.
https://www.codementor.io/@seanhiggins550/the-ins-and-outs-of-penetration-testing-for-web-apps-19jhhqsexo
A really well thought through attack on HTML sanitizers.
https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/
El Reg has a good article on spear-phishing developers to get access to back-end tools. This is why the vulnerability analysts tell you to decommission old test systems.
https://www.theregister.com/2020/09/04/disclosure_developer_targeting/
Nice intro to blind SQL injection.
http://www.mannulinux.org/2020/09/sql-injection-filter-bypass-to-perform.html?m=1
That's the news, folks. Have a good Labor Day!