How would you test for common web application vulnerabilities like SQLi, XSS, and Broken Access Control?