| Technology | spring, rails, laravel, django, express, nextjs, aspnet, iis, php, wordpress, drupal, java, python, ruby, nodejs, javascript, nginx, tomcat, firebase, graphql, aem, adobe, salesforce, aura, lightning, servicenow, powerpages, dataverse, mcp |
| Vulnerability class | injection, xss, sqli, ssti, lfi, rce, ssrf, xxe, csrf, idor, open-redirect, deserialization, prototype-pollution, cache-poisoning, smuggling, race-condition |
| Category | misconfiguration, info-disclosure, fingerprint, authentication, session, cryptography, file-exposure, cloud, cms, api, api-security, header-security, behavior-analysis, supply-chain, source-analysis |
| Resource cost | light (few requests / passive), moderate (typical active scan), heavy (timing-based, blind, many requests) |