At an overview level for this level of testing, the methodology essentially involves the following key activities:
- Gathering information about the design, architecture and interfaces.
- Performing security testing of the platform, based on a Top-Down analysis of vulnerable system components. This will include performing manual checks, automated tests and various reviews to uncover security vulnerabilities.
- Analysis of the gathered data and the results of the various reviews. The analysis includes categorising the exploited vulnerabilities and prioritising them according to the business and technical context.
- Report documentation – Please see detailed report structure and deliverable description on the next page (page 6).