I’ve never seen my methodology as a formalized model, to be honest. Since I’m the only tester in the organization and mostly I work on a massive classic ASP web application, my options are GUI automation and manual testing.
I start with steel thread/happy path tests - does it do what it should do?
Then I check the less common scenarios - the boundaries, the odd configuration settings, and so forth.
Then I try to find the breaks - low level hacking, can I force the thing to do something it absolutely should not do, ever.
If time permits, I try to automate the most crucial pieces and try to get some form of load testing however minimal.
So I guess it would be a risk-based model, starting from the most common scenarios and moving out to the least common with manual, mostly exploratory tests around user personas.