Penetration testing is much more than trying a couple of attacks and be done with it. The results matter, and you have to prepare them in a fashion they can be used afterwards. Putting defences to the test is not a matter of „yes, it works“ or „no, it doesn’t“. There are expectations of the customer. Furthermore you will run into situations which might not have been anticipated. Then there is the Art of Communication™. Missing means of communication or misuse of known means is widespread. At his presentation at DeepSec 2013 Alexey Kachalin put reporting and penetration testing into perspective. Listen to his talk and let himexplain you what’s hot and what’s not.