Add content from: Research Update: Enhanced src/pentesting-web/web-vulnerabili...

Author: HackTricks News Bot

src/pentesting-web/web-vulnerabilities-methodology.md

@@ -101,6 +101,8 @@ Some **specific functionalities** may be also vulnerable if a **specific format
 - [ ] [**Email Header Injection**](email-injections.md)
 - [ ] [**JWT Vulnerabilities**](hacking-jwt-json-web-tokens.md)
 - [ ] [**XML External Entity**](xxe-xee-xml-external-entity.md)
+- [ ] [**GraphQL Attacks**](../network-services-pentesting/pentesting-web/graphql.md)
+- [ ] [**gRPC-Web Attacks**](grpc-web-pentest.md)
 
 ### Files
 
@@ -128,7 +130,10 @@ These vulnerabilities might help to exploit other vulnerabilities.
 - [ ] [**Unicode Normalization vulnerability**](unicode-injection/index.html)
 
 
-{{#include ../banners/hacktricks-training.md}}
 
 
+## References
 
+* [GraphQL vulnerabilities and common attacks seen in the wild (Security Boulevard, 2024)](https://securityboulevard.com/2024/08/graphql-vulnerabilities-and-common-attacks-seen-in-the-wild/)
+* [gRPC-Go HTTP/2 Rapid Reset advisory (GitHub Security Advisory, 2023)](https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g)
+{{#include ../banners/hacktricks-training.md}}