As a developer of multiple standalone apps (Web-/Native apps) I am wondering, what things I should keep in mind / what are typical approaches of a blackhat (besides of these scriptkiddies checking for sql injection etc.) to identify such vulnerabilities.
During my web research I only found very broad information and no detail on how a blackhat actually finds a zero day vulnerability.
Regardless network/phishing/social engineering vulnerabilities.
I'd like to know what is the approach to find a zero day exploit/vulnerability and how can I, as a developer, make my software more consistent?