Phases of a Security Audit
A typical audit consists of multiple steps. These steps might differ from audit to audit, but in general they are as follows:
During the preparation, the details of the audit are evaluated. For instance, we clarify which type of audit is best and which target is affected.
During the information gathering phase, one collects as much information and as many details about the target as possible. This includes technical details as well as email addresses or social information that might help to compromise security.
After gathering details about the target, the information is analyzed according to its security impact. After prior agreement with the client, the identified vulnerabilities might be verified via direct attacks.
Every audit ends with a detailed report that summarizes the identified vulnerabilities, their impact on the security state, and corresponding mitigation strategies. In addition, the highlights of the report might be presented in front of an audience.