Instead of focus on vulnerability, try to understand the web application functionilities and features and then mapping with possible attack vectors. so that, you will yield more vulnerabilities compare than vulnerability focus approach.

Web Application Reference:

Please use the below reference site for learning more about Web pentesting: - https://book.hacktricks.xyz/pentesting-web/web-vulnerabilities-methodology

Testing Checklist - https://alike-lantern-72d.notion.site/Web-Application-Penetration-Testing-Checklist-4792d95add7d4ffd85dd50a5f50659c6

Reference Vulnerbility list: