Hi everyone, I’ve been working in Web Security for about 2 years now. During black-box testing, I’m very comfortable finding standard vulnerabilities like XSS, SQLi, Auth bypasses, and various Business Logic flaws. I am intimately familiar with the OWASP Top 10. However, lately, I’ve hit a wall. I feel like I’m just repeating the same methodologies over and over. I want to step out of my comfort zone and do bigger things. Whenever I see researchers publishing new CVEs or dropping write-ups on entirely new exploitation techniques, it deeply inspires me. But when I try to figure out what I need to make that leap myself, I feel a bit lost. Despite my strong technical grasp of existing web vulnerabilities, I feel somewhat inadequate when it comes to the mindset and workflow required for discovering zero-days or developing novel exploitation techniques from scratch. Has anyone else experienced this specific plateau?…