I have experience testing websites looking for OWASP TOP 10 vulnerabilities, looking for issues regarding to injection (SQL, Commanda, HTML), XSS (Reflected, Stored) and other kind of web site security flaws like Authentication, Session Management, Parameter tampering, Access Control, etc.
I use Kali Linux mainly but I also use Windows tools, testing 100% the user input such as input fields or URL parameters.
I use some hacking techniques like: Brute Forcing, MiTM, Cookies management, Buffer Overflow, Insecure Configuration, Insecure Object Reference, CSRF, Redirections and forwards, Mapping the app, Vulnerabilities Scanning, Insecure Uploads, etc.
I also can evaluate systems and networks of the internal and external side using exploits when a vulnerability is found.
A professional report including the recommendations to overcome the findings is given at the end of the project, the report includes evidences of the findings.
For mobile apps I check Owasp Top 10 mobile security risks.