where websites are tested for vulnerabilities, especially: XSS Cross (X) Site-Scripting SQL injections SQLI CSRF