Penetration teSting—olD anD new 179
eciency of the testing will be reduced to a level where little can be
achieved in the time available.
If the organization under testing wants to see some return on
investment, then penetration testers need to be allowed to carry out
whatever tests and tricks they deem t, and the tests need to be per-
formed without worrying about waiting for client permission. Older
style, pre-2000s penetration tests did not follow any strict pattern
as such. A number of tests were performed based on the results of
other tests, and based on those test results, more tests were performed.
Hacker testing teams would work 20-hour shifts, then sleep 10 hours,
and then start all over again for the entire testing window. ...