# Chapter 11: Exploitation OWASP

Coming across a custom-built application requires you to know the OWASP top 10 vulnerabilities such as XSS SQLI, LFI, RFI, CSRF, XXE, and SSRF.

You need to use the [Burp Suite](https://portswigger.net/burp) tool.

You can use a mix of automated scanners and manual testing as they both have their pros and cons.