- Read the writeups repository, mainly all *.feature files, specifically inside the static detection section: https://gitlab.com/fluidattacks/writeups/tree/master/vbd
- CWE and CAPEC could be a nice source of info.
- Finally, all the security requirements are another source of inspiration: https://fluidattacks.com/web/rules/