Manual
1) Establish Terrain
- Confirm affected version(s) and exposure conditions
- Build a minimal test environment (least moving parts)
- Document assumptions and constraints
2) Validate Boundaries
- Confirm the entrypoint and expected input shape
- Test boundary behavior in controlled steps
- Capture evidence with redaction as needed
3) Record Findings
- Impact: what boundary was crossed and what’s observable
- Evidence: logs + request/response + screenshots (sanitized)
- Risk: contextualize based on deployment and privileges
4) Reinforcement Notes
- Input validation + allowlists
- Least privilege and isolation
- Monitoring and detection opportunities
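
For the evidence items in steps 2) and 3) (capture with redaction, sanitized request/response), one way to sanitize a captured HTTP exchange before it goes into a finding. This is an added example, not part of the original manual; the header and key lists, the function names and the sample capture are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumed lists for illustration; extend them for the system under test.
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie", "x-api-key"}
SENSITIVE_KEYS = r"password|passwd|token|secret|api_key|session"
PAIR = re.compile(
    r'(?i)(["\']?[\w-]*(?:%s)[\w-]*["\']?\s*[=:]\s*)("[^"]*"|[^&\s,;}"]+)' % SENSITIVE_KEYS
)

SAMPLE = (  # constructed capture, not taken from a real system
    "POST /login?session=sess-7f3a9&lang=en HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Authorization: Bearer eyJ.constructed.token\r\n"
    "Cookie: sid=sess-7f3a9\r\n"
    "Content-Type: application/json\r\n\r\n"
    '{"username": "alice", "password": "hunter2", "reset_token": "sess-7f3a9"}'
)


def redaction_tag(value: str, key: bytes) -> str:
    """Keyed fingerprint: equal secrets get equal tags, but a tag cannot be
    tested against guesses without the per-report key."""
    digest = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:8]
    return f"[REDACTED:{digest}]"


def sanitize_http(raw: str, key: bytes) -> str:
    """Redact credentials from one captured HTTP request or response."""
    def scrub(match: re.Match) -> str:
        prefix, value = match.group(1), match.group(2)
        if value.startswith('"'):  # keep JSON quoting intact
            return f'{prefix}"{redaction_tag(value[1:-1], key)}"'
        return prefix + redaction_tag(value, key)

    head, sep, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = []
    for i, line in enumerate(head.split("\n")):
        name, colon, value = line.partition(":")
        if i > 0 and colon and name.strip().lower() in SENSITIVE_HEADERS:
            lines.append(f"{name}: {redaction_tag(value.strip(), key)}")
        else:  # start line and other headers: scrub key=value pairs only
            lines.append(PAIR.sub(scrub, line))
    return "\n".join(lines) + sep + PAIR.sub(scrub, body)


if __name__ == "__main__":
    print(sanitize_http(SAMPLE, key=b"constructed-per-report-key"))
```

Use a fresh random key per report and discard it afterwards, so the tags still let a reader see that the same credential recurs across the evidence without exposing it.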