Stage 1: Non-technical

• What am I looking at? What kind of company is this?
• Will I need an account? How much effort will this take?
  • Some websites require SSN/Other personal details just to make an account

Stage 2: Take a gander

• Explore the website
• Toss around some basic inputs: "><script>alert(1)</script>, " OR '1'=='1', !@#$%^&*()<>\/", etc.
  • No need for extensive testing! That'll come later
• Monitor the requests to build out your sitemap, while you're wandering
• Take note of anything interesting

Stage 3: to-be-written

I'll write this. Hopefully.