Bubba AI, Inc.
2261 Market Street, San Francisco, California, 94114

Methodology

Our penetration testing methodology is built on recognized industry standards, incorporating guidance from PTES, the OWASP Testing Guides, NIST 800-115, PCI Penetration Testing Guidance, OSSTMM, and the MITRE ATT&CK framework. By aligning with these proven methodologies, we ensure a comprehensive and methodical evaluation of the target environment, whether it involves web applications, APIs, internal/external networks, mobile apps, AI/LLM systems, containers, hardware, or human-focused testing.

We draw from several key security frameworks to deliver high-quality assessments:

OWASP (Open Web Application Security Project): We apply the OWASP Testing Guide rigorously to identify weaknesses in web applications, with special focus on the OWASP Top 10, to strengthen your application security posture.

PTES (Penetration Testing Execution Standard): PTES provides a structured methodology for network penetration testing from reconnaissance through post-exploitation to ensure a complete review of your environment.

MITRE ATT&CK: By leveraging the ATT&CK matrix, we emulate real-world adversary tactics and techniques to uncover impactful, attack-relevant vulnerabilities.

NIST 800-115, PCI Penetration Testing Guidance, and OSSTMM: These frameworks help shape our overall testing strategy, ensuring consistency, robustness, and alignment with industry expectations.

RELAYTO Penetration Test Report