nostr:npub124ctwlx74854drh4rk0tz0za4vyjq9s2mqxxl7f64pxypsqj36lqh47888 A bad pentest is the “checklist item” where there are strict guidelines about what’s in scope and what’s not. A good pentest has no limits. Attackers, REAL attackers, cheat. They don’t follow rules or guidelines, so if you truly want to test what a real attacker can do, impose no limits. If you want to pass some audit that involves an accounting-type firm doing an assessment with an off-the-shelf scanner, impose those non-realistic limits.