At an overview level for this level of testing, the methodology essentially involves the following key activities:

  1. Gathering information about the design, architecture and interfaces.
  1. Performing security testing of the platform, based on a Top-Down analysis of vulnerable system components. This will include performing manual checks, automated tests and various reviews to uncover security vulnerabilities.
  1. Analysis of the gathered data and the results of the various reviews. The analysis includes categorising the exploited vulnerabilities and prioritising them according to the business and technical context.
  1. Report documentation Please see detailed report structure and deliverable description on the next page (page 6).