My main interest in security is web application security. I'm interested in what, if any, methodologies people use when testing sites. I currently use a modified version of the methodology suggested in "Hacking Exposed Web Applications".

So what methodology do you use?

SittingDuck