diff --git a/xml/source/snippets/report/methodology.xml b/xml/source/snippets/report/methodology.xml index ee6a5b2..9fcdb2b 100644 --- a/xml/source/snippets/report/methodology.xml +++ b/xml/source/snippets/report/methodology.xml @@ -43,7 +43,10 @@ has been obtained (either legitimately though provided credentials, or via vulnerabilities). This may be done surreptitiously (for example to try to evade intrusion detection systems or rate limits) or by more - aggressive brute-force methods. + aggressive brute-force methods. This step also consist of manually testing the + application against the latest (2017) list of OWASP Top 10 risks. The discovered + vulnerabilities from scanning and manual testing are moreover used to further elevate + access on the application.
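Review bot: The first added line has a subject-verb agreement error, "This step also consist of" should read "This step also consists of", and since this snippet is included verbatim in client reports it is worth fixing before merge. In the same added sentence, "the latest (2017) list of OWASP Top 10 risks" hard-codes a claim that becomes false as soon as a newer list is published; consider "the OWASP Top 10 (2017) risks" so the text stays accurate without needing an edit. The last added sentence reads more clearly as "Vulnerabilities discovered through scanning and manual testing are then used to further elevate access on the application." Unrelated to the added lines, the unchanged context above them contains "legitimately though provided credentials", where "though" should be "through"; it could be corrected in this same change.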