https://github.com/tanprathan/OWASP-Testing-Checklist
3 stages
Look in the intercepted request architecture
Scan is a pro feature → scanning is nice but not exhaustive
crawling / spidering → go out to different web sites winthin the branch
Active scanning → find issues but not exhaustive
intercept request
→ can limit intercept to scope
→ send it to repeater