I don't know if it's bias or not, but the number of really stupid webapp vulnerabilities seems to be on the rise. There seem to be a lot of endpoints that just require zero auth. A lot of webapps just blindly trust the user if certain HTTP headers are there. A lot of webapps seem to just completely lose their shit when they hit that (?:\x3b|\x60|\x0a|\x26{2}).