by mpeg 2950 days ago
I haven't done security research for a long time, but the way I did it was to pick a specific category of vulnerability (say, SQL injection) and try to exploit it everywhere you can possibly think of, where there is a potential for input.

Even nowadays, I regularly see people leave their systems open to these super basic input validation vulnerabilities because they only think about doing things right on the surface area, but then they'll have some batch process that analyses log files as a one-off script that is vulnerable if the user has a malicious HTTP header or something like that.

Another way would be to try and think how a particular thing was written and figure out ways you can break it. I found plenty of buffer overflow vulns in custom TCP servers this way, but you can also find less serious things that let you do things you're not supposed to.

For example, an ecommerce business that would let you add an optional service charge allowed negative numbers (to deduct money from the order).

Another online shop had test item ids with negative prices in the database.
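The negative service charge and the negative-priced test rows described above, as an added example that is not part of the comment: a naive order-total function that trusts both inputs, beside a hardened one that validates the client-supplied charge as a bounded, non-negative monetary value and refuses negative catalogue prices. The catalogue contents, item names and the MAX_CHARGE limit are constructed assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalogue (hypothetical data); "test-item" stands in for a stray
# test row with a negative price left in a production database.
CATALOG = {
    "book": Decimal("12.00"),
    "lamp": Decimal("30.00"),
    "test-item": Decimal("-5.00"),
}
MAX_CHARGE = Decimal("500.00")  # assumed business limit for an optional charge


class OrderError(ValueError):
    pass


def order_total_naive(items, service_charge):
    """Vulnerable: trusts the client-supplied charge and any catalogue row.
    A negative charge deducts money; a negative-priced test item does too."""
    total = sum(CATALOG[item_id] * qty for item_id, qty in items)
    return total + Decimal(service_charge)


def parse_money(raw, field):
    """Parse a client-supplied amount; accept only a finite, non-negative,
    bounded value with at most two decimal places."""
    try:
        value = Decimal(str(raw))
    except (InvalidOperation, ValueError):
        raise OrderError(f"{field}: not a number")
    if not value.is_finite() or value < 0 or value > MAX_CHARGE:
        raise OrderError(f"{field}: must be between 0 and {MAX_CHARGE}")
    if value != value.quantize(Decimal("0.01")):
        raise OrderError(f"{field}: more than two decimal places")
    return value


def order_total_checked(items, service_charge):
    """Hardened: validates the optional charge and refuses negative prices."""
    total = Decimal("0")
    for item_id, qty in items:
        if item_id not in CATALOG:
            raise OrderError(f"unknown item {item_id!r}")
        if not isinstance(qty, int) or qty < 1:
            raise OrderError(f"bad quantity for {item_id!r}")
        price = CATALOG[item_id]
        if price < 0:  # a negative price row is a data bug, never a discount
            raise OrderError(f"refusing negative price for {item_id!r}")
        total += price * qty
    return total + parse_money(service_charge, "service_charge")
```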