Cyber Army

Methodology

  1. Discover: scope, assets, threats, and success criteria
  2. Map: enumerate surface (hosts, APIs, roles, dataflows)
  3. Test: manual and automated exploitation and abuse cases
  4. Analyze: validate impact, reduce false positives, rank with CVSS
  5. Report: executive summary + engineering guidance
  6. Remediate: office hours, code review, re-test for criticals

We reference OWASP ASVS/MASVS, NIST SP 800-115, and CIS Benchmarks; for LLM-enabled products, we add prompt-injection and data-exfiltration checks.