diff --git a/src/pentesting-web/web-vulnerabilities-methodology.md b/src/pentesting-web/web-vulnerabilities-methodology.md
index 716254690..b4eb86e38 100644
--- a/src/pentesting-web/web-vulnerabilities-methodology.md
+++ b/src/pentesting-web/web-vulnerabilities-methodology.md
@@ -101,6 +101,8 @@ Some **specific functionalities** may be also vulnerable if a **specific format
 - [ ] [**Email Header Injection**](email-injections.md)
 - [ ] [**JWT Vulnerabilities**](hacking-jwt-json-web-tokens.md)
 - [ ] [**XML External Entity**](xxe-xee-xml-external-entity.md)
+- [ ] [**GraphQL Attacks**](../network-services-pentesting/pentesting-web/graphql.md)
+- [ ] [**gRPC-Web Attacks**](grpc-web-pentest.md)
 
 ### Files
 
@@ -128,7 +130,10 @@ These vulnerabilities might help to exploit other vulnerabilities.
 - [ ] [**Unicode Normalization vulnerability**](unicode-injection/index.html)
 
 
+
+
+## References
+
+* [GraphQL vulnerabilities and common attacks seen in the wild (Security Boulevard, 2024)](https://securityboulevard.com/2024/08/graphql-vulnerabilities-and-common-attacks-seen-in-the-wild/)
+* [gRPC-Go HTTP/2 Rapid Reset advisory (GitHub Security Advisory, 2023)](https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g)
 {{#include ../banners/hacktricks-training.md}}
-
-
-