Using tools like Nessus, OpenVas, Metasploit, WPScan and others, I'll scan the server from both outside and inside, filter out the false positives and other noise. I'll look more closely at what is left, and add it to my report with an explanation. I'll examine all the software running, it's version and note if it is a heavily targeted, as well as compare it to lists of current known vulnerabilities. Looking at the site from the outside, I'll see if it has any potential for Cross Site Scripting vulnerabilities and SQL injection. I'll write a report summarizing my findings and explaining the details and background, along with a package containing a copy of the results of every test run.