Phase 1 Information Gathering
Understanding the business objectives
Reviewing the type of system,network and application
Identifying the services or sensitive technical information.
Phase 2 Vulnerability Identification
Ensure that all components of applications are analysed.
Performing manipulative, aggregation and interactive testing
Phase 3 Vulnerability Analysis
Analysis of vulnerabilities detected to identify the chances of exploitation