How can you get maximum results within a given time window?
Data Driven Assessment (diminishing return FTW)
Visit the search, registration, contact, password reset, and comment forms and hit them with your polyglot strings
Scan those specific functions with Burp’s built-in scanner
Check your cookie, log out, check cookie, log in, check cookie. Submit old cookie, see if access.
Perform user enumeration checks on login, registration, and password reset.
Do a reset and see if; the password comes plaintext, uses a URL based token, is predictable, can be used multiple times, or logs you in automatically
Find numeric account identifiers anywhere in URLs and rotate them for context change
Find the security-sensitive function(s) or files and see if vulnerable to non-auth browsing (idors), lower-auth browsing, CSRF, CSRF protection bypass, and see if they can be done over HTTP.
Directory brute for top short list on SecLists
Check upload functions for alternate file types that can execute code (xss or php/etc/etc)