Webhooks should not be mentioned without also mentioning SSRF vulns. Because most companies use their firewall as a defense permitter, these attacks can be devastating.