Expecting some bounties (two first vulns should be high, negotiating), all in modern web applications. do not rely on checklists, you are a hunter not a tester machine. Don't overlook JS files, do not skip auth classes, focus on your target, think, and win :)