From 215bec9fac90ec4339627180dc78ada4560feab5 Mon Sep 17 00:00:00 2001 From: skyanth Date: Tue, 14 Apr 2020 18:55:46 +0200 Subject: [PATCH] update methodology snippet --- xml/source/snippets/report/methodology.xml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xml/source/snippets/report/methodology.xml b/xml/source/snippets/report/methodology.xml index ee6a5b2..9fcdb2b 100644 --- a/xml/source/snippets/report/methodology.xml +++ b/xml/source/snippets/report/methodology.xml @@ -43,7 +43,10 @@ has been obtained (either legitimately though provided credentials, or via vulnerabilities). This may be done surreptitiously (for example to try to evade intrusion detection systems or rate limits) or by more - aggressive brute-force methods. + aggressive brute-force methods. This step also consist of manually testing the + application against the latest (2017) list of OWASP Top 10 risks. The discovered + vulnerabilities from scanning and manual testing are moreover used to further elevate + access on the application.
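Review bot: The added text after "aggressive brute-force methods." has a grammar error and a wording that will go stale: "This step also consist of" should be "This step also consists of", and "the latest (2017) list of OWASP Top 10 risks" ties the word "latest" to a fixed year, so the snippet becomes wrong as soon as a newer edition is published. Suggest naming the edition without "latest" (for example "the OWASP Top 10 (2017) risks"), so that reports state exactly which list was tested against. The last added sentence reads awkwardly with "moreover" and "elevate access on the application"; something like "Vulnerabilities discovered through scanning and manual testing are then used to try to further elevate access within the application" says the same thing more clearly. While touching this paragraph, the context line "either legitimately though provided credentials" has a typo ("though" for "through") that could be fixed in the same commit.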