In the attack simulation and exploitation phase, pentesters begin to stimulate real attacks. They also use various types of automated scanners to further test for vulnerabilities. Penetration testing is not limited to automated scanners; manual testing is also performed to find security risks that are often missed by automated scanners. Some common risks missed by automated scanners are business logic, zero-day exploits, workarounds such as SSRF, XSS, etc. Here we will focus on why we need to perform security assessment, such as penetration testing of our IT infrastructure, to prevent these unpleasant incidents. External scenarios simulate the external attacker who has little or no specific knowledge about the target and…