I would also say experience is a big part but I always start with getting information on the site. I guess you can call it reconnaissance, Google and Whois are very good places to start. Once you have an idea of your target you need to know what you plan on accomplishing. Like are you just checking to see what ports or services are open? Are you looking for common exploits? A lot of checking security is having goals and targeted ideas of what you want to check on. If you are just trying to see is basic services are open via ports then you could use Nmap or maybe X-Scan. To take that on step further you can use Retina, X-scan, or Metasploit Framework. There are tons of tools and techniques to test access. A lot of experience auditor do not share there techniques as this is how they make there living. I would say if you have a question on a cretin way of checking for this or that your post will get a better response. Well this is just me 2 cents.
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP