Explore advanced web scanning techniques in this 37-minute NorthSec conference talk by James Kettle. Dive into the development and implementation of an open-source scanner that uses a novel approach to detect both known and unknown injection vulnerabilities. Learn how this scanner leverages human intuition to overcome limitations of traditional scanners, offering benefits such as WAF evasion, minimal network footprint, and adaptability to input filtering. Discover key insights from the scanner's conception, development, and deployment on thousands of websites. Uncover advanced techniques for escalating vulnerabilities like HTTP parameter pollution (HPP) and JSON injection to RCE. Gain practical knowledge on interpreting complex findings and maximizing the scanner's effectiveness in your security testing. Walk through topics including scanner limitations, harnessing intuition, vulnerability detection, false positives, code injection, HTTP parameter pollution, and brute-force attacks.
Backslash Powered Scanning - Implementing Human Intuition