I’ve been around application penetration testing for many years now and I’ve seen and heard many things when it comes to scoping a job. This post is a bit of a <rant>brain dump</rant> around this subject because, well, it’s an interesting one and based on the feedback …