This page contains a checklist of the tasks you typically need to perform when carrying out a comprehensive attack against a web application, copied from http://mdsec.net/wahh/tasks.html. The page has been modified to store user-interaction in browser's localStorage making it easier to track tests that are pending and/or are already covered. For more detail, and the specific action steps involved, refer to the full methodology in Chapter 21 (or Chapter 20 in the first edition).
The checklist also contains few new ones and can be modified as new classes of vulnerabilities emerge. For OWASP's Testing Checklist, please visit https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet.