OWASP is basically the Open Web Application Security Project and this the best place when it comes to web application penetration testing.Very Important resource .

The top 10 include →


Broken Authentication,

Sensitive Data Exposure ,

XML External Entities,

Broken Access Control,

Security Misconfiguration,


Insecure Deserialization

Using Components with Known Vunerabilites.

Best thing to use to check if your site is protected against all the OWASP vulnerablities is go throught he OWASP Checklist which you can find here.


and to find also written information about these attacks and stuff and also in some parts telling you what to do you can go to this pdf and go to section 4 and you will see them there .