Most penetration testing programs were originally designed to satisfy compliance requirements. Attackers, however, do not ...