# 🔧 Penetration Testing Methods & Use Cases - [Pentesting Approaches: White-Box, Gray-Box, and Black-Box](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/pentesting-approaches-white-box-gray-box-and-black-box.md): Penetration testing can be approached in several different ways, each offering varying levels of insight and requiring different types of information about the system under test. - [Penetration Testing Environments: How to Choose the Right Testing Ground](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/penetration-testing-environments-how-to-choose-the-right-testing-ground.md): Development, staging, and production environments each offer unique advantages for penetration testing. The right choice depends on your risk tolerance, compliance needs, and testing objectives. - [Internal vs. External Penetration Testing: Different Methodologies, One Complete Security Picture](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/internal-vs.-external-penetration-testing-different-methodologies-one-complete-security-picture.md): External and internal pentesting cover very different attack surfaces and uncover distinct types of vulnerabilities, making the strategic choice between them crucial for effective risk management. - [How to Prioritize Vulnerabilities - Understanding Risk Scoring (CVSS) in Penetration Testing](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/how-to-prioritize-vulnerabilities-understanding-risk-scoring-cvss-in-penetration-testing.md): Spoiler alert: base CVSS scoring alone doesn't determine your actual business risk. Discover how to prioritize penetration test findings using EPSS and context-based scoring. - [Beyond CVSS in Penetration Testing: A look at CWE, CWSS, and the Traditional Risk Rating way](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/beyond-cvss-in-penetration-testing-a-look-at-cwe-cwss-and-the-traditional-risk-rating-way.md): While CVSS scores severity, CWE, CWSS, and Traditional Ratings reveal root causes and contextual business risk. Read our guide to see real-world examples and understand vulnerability scoring. - [The Blueprint for a Better Penetration Test: How Threat Modeling Improves Offensive Security Outcome](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/the-blueprint-for-a-better-penetration-test-how-threat-modeling-improves-offensive-security-outcome.md): A Threat Model is a list of assumptions; a pentest is the reality check. Discover how combining them exposes hidden business logic flaws and turns theoretical risks into confirmed vulnerabilities. - [The Retest Trap in Penetration Testing: Why You Want Pentesters to Verify Your Fixes](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/the-retest-trap-in-penetration-testing-why-you-want-pentesters-to-verify-your-fixes.md): Vulnerability remediation demands rigorous retesting. Learn why expert verification is essential to address root causes, prevent logic flaws, and validate true remediation. - [What Is Cyber Threat Intelligence and Why Does It Matter for Penetration Testing?](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/what-is-cyber-threat-intelligence-and-why-does-it-matter-for-penetration-testing.md): Cyber threat intelligence provides ethical hackers or cybersecurity teams with actionable insights about current risks, enabling proactive defense against cyber threats. - [Penetration Testing for AI Systems: How to Secure Modern LLMs, Agents, and AI Infrastructure](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/penetration-testing-for-ai-systems-how-to-secure-modern-llms-agents-and-ai-infrastructure.md): As AI transforms business operations, the attack surface expands while security often lags behind. What should you know before launching AI products? - [Open source Frameworks for Agent-Based Penetration Testing](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/open-source-frameworks-for-agent-based-penetration-testing.md): The evolution from automated scanning to intelligent AI agents is reshaping how security professionals approach pentesting assessments. Discover the main frameworks leading this transformation. - [Collaborative Testing: Why Your Blue Team Should Watch the Pentest](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/collaborative-testing-why-your-blue-team-should-watch-the-pentest.md): Siloed penetration tests can limit defensive maturity, while mature programs gain more value from collaboration. Discover the key advantages of testers working in open communication with your team. - [Why Complex Access Paths Kill Penetration Testing Value](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/why-complex-access-paths-kill-penetration-testing-value.md): Complex access paths through VPNs, VDI, and jump boxes can degrade penetration test quality. Explore the key reasons and how staging environments eliminate friction in security assessments. - [Shadow IT & the Scoping Blind Spot: Why Your Penetration Test Could Be Missing Critical Assets](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/shadow-it-and-the-scoping-blind-spot-why-your-penetration-test-could-be-missing-critical-assets.md): Tight scoping creates a massive blind spot, leaving critical assets completely untested. Learn why Shadow IT is the “open window” attackers exploit first. - [The "Perfect Environment" Trap: Why Penetration Testing Shouldn't Wait](https://www.penetration-testing.com/penetration-testing-methods-and-use-cases/the-perfect-environment-trap-why-penetration-testing-shouldnt-wait.md): Waiting for the perfect opportunity to pentest is a dangerous misconception. Learn why attackers thrive during transitions and why you should test your environment as it exists today. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.penetration-testing.com/penetration-testing-methods-and-use-cases.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.