by czuczorgergo
2950 days ago
I am dealing with these problems every day, in my workplace, CCLab, in Hungary. It is really a hard question, because it depends on several variables.
I would say that the most important thing is information gathering if you would like to find a vulnerability in a system.
There are several cases when you know that a vulnerability is present just by checking the version numbers.
If you would like to find vulnerabilities in bigger systems, you should always search for older unmanaged functions that might be present. This is how a security researcher managed to find a critical vulnerability in a Google service that was used by probably nobody.
If I am given the task to search for vulnerabilities in a standalone system, I always search for the functions that are not crucial for the system to work, because they tend to be less tested.
If you have the possibility to upload files, then you could find a vulnerability with almost 100 percent certainty. So I would recommend that you spend a significant amount of time testing it.
Another good indicator for potential vulnerabilities is when the user input is reflected in any manner. If you have access to the list of the used components, always check if they have any known vulnerabilities; this could be a really helpful input if the vulnerable features of that component are used by the system.
If you can turn on options that make the system act in a different way, then you should always test them, because most automated scanners are going to miss those vulnerabilities that are only present in certain cases.