The procedure involves trying to manually breach the systems by the use of the most common flaws, such as SQL / NoSQL injections, vulnerabilities in authentication and session handling, Cross-Site Scripting and default settings in White-Hat format, without damaging any system or database.