# 🔧 Penetration Testing Methods & Use Cases

- [Pentesting Approaches: White-Box, Gray-Box, and Black-Box](/penetration-testing-methods-and-use-cases/pentesting-approaches-white-box-gray-box-and-black-box.md): Penetration testing can be approached in several different ways, each offering varying levels of insight and requiring different types of information about the system under test.
- [Penetration Testing Environments: How to Choose the Right Testing Ground](/penetration-testing-methods-and-use-cases/penetration-testing-environments-how-to-choose-the-right-testing-ground.md): Development, staging, and production environments each offer unique advantages for penetration testing. The right choice depends on your risk tolerance, compliance needs, and testing objectives.
- [Internal vs. External Penetration Testing: Different Methodologies, One Complete Security Picture](/penetration-testing-methods-and-use-cases/internal-vs.-external-penetration-testing-different-methodologies-one-complete-security-picture.md): External and internal pentesting cover very different attack surfaces and uncover distinct types of vulnerabilities, making the strategic choice between them crucial for effective risk management.
- [How to Prioritize Vulnerabilities - Understanding Risk Scoring (CVSS) in Penetration Testing](/penetration-testing-methods-and-use-cases/how-to-prioritize-vulnerabilities-understanding-risk-scoring-cvss-in-penetration-testing.md): Spoiler alert: base CVSS scoring alone doesn't determine your actual business risk. Discover how to prioritize penetration test findings using EPSS and context-based scoring.
- [Beyond CVSS in Penetration Testing: A look at CWE, CWSS, and the Traditional Risk Rating way](/penetration-testing-methods-and-use-cases/beyond-cvss-in-penetration-testing-a-look-at-cwe-cwss-and-the-traditional-risk-rating-way.md): While CVSS scores severity, CWE, CWSS, and Traditional Ratings reveal root causes and contextual business risk. Read our guide to see real-world examples and understand vulnerability scoring.
- [The Blueprint for a Better Penetration Test: How Threat Modeling Improves Offensive Security Outcome](/penetration-testing-methods-and-use-cases/the-blueprint-for-a-better-penetration-test-how-threat-modeling-improves-offensive-security-outcome.md): A Threat Model is a list of assumptions; a pentest is the reality check. Discover how combining them exposes hidden business logic flaws and turns theoretical risks into confirmed vulnerabilities.
- [The Retest Trap in Penetration Testing: Why You Want Pentesters to Verify Your Fixes](/penetration-testing-methods-and-use-cases/the-retest-trap-in-penetration-testing-why-you-want-pentesters-to-verify-your-fixes.md): Vulnerability remediation demands rigorous retesting. Learn why expert verification is essential to address root causes, prevent logic flaws, and validate true remediation.
- [What Is Cyber Threat Intelligence and Why Does It Matter for Penetration Testing?](/penetration-testing-methods-and-use-cases/what-is-cyber-threat-intelligence-and-why-does-it-matter-for-penetration-testing.md): Cyber threat intelligence provides ethical hackers or cybersecurity teams with actionable insights about current risks, enabling proactive defense against cyber threats.
- [Penetration Testing for AI Systems: How to Secure Modern LLMs, Agents, and AI Infrastructure](/penetration-testing-methods-and-use-cases/penetration-testing-for-ai-systems-how-to-secure-modern-llms-agents-and-ai-infrastructure.md): As AI transforms business operations, the attack surface expands while security often lags behind. What should you know before launching AI products?
- [Open source Frameworks for Agent-Based Penetration Testing](/penetration-testing-methods-and-use-cases/open-source-frameworks-for-agent-based-penetration-testing.md): The evolution from automated scanning to intelligent AI agents is reshaping how security professionals approach pentesting assessments. Discover the main frameworks leading this transformation.
- [Collaborative Testing: Why Your Blue Team Should Watch the Pentest](/penetration-testing-methods-and-use-cases/collaborative-testing-why-your-blue-team-should-watch-the-pentest.md): Siloed penetration tests can limit defensive maturity, while mature programs gain more value from collaboration. Discover the key advantages of testers working in open communication with your team.
- [Why Complex Access Paths Kill Penetration Testing Value](/penetration-testing-methods-and-use-cases/why-complex-access-paths-kill-penetration-testing-value.md): Complex access paths through VPNs, VDI, and jump boxes can degrade penetration test quality. Explore the key reasons and how staging environments eliminate friction in security assessments.