While it’s tempting to just request that a tester “test everything,” this would most likely lead to pen testers only scratching the surface of several vulnerabilities, sacrificing gathering valuable intelligence gained by going more in-depth in fewer areas, with clear objectives in mind.

To make sure pen tests can achieve these objectives and pinpoint weaknesses, various different types of pen tests focus on different areas of an IT infrastructure, including:
Web Application Tests

Web application penetration tests examine the overall security and potential risks of web applications, including coding errors, broken authentication or authorization, and injection vulnerabilities.
Network Security Tests
Network penetration testing aims to prevent malicious acts by finding weaknesses before the attackers do. Pen testers focus on network security testing by exploiting and uncovering vulnerabilities on different types of networks, associated devices like routers and switches, and network hosts. They aim to exploit flaws in these areas, like weak passwords or misconfigured assets, to gain access to critical systems or data.
Cloud Security Tests

Security teams to work with cloud providers and third-party vendors to design and carry out cloud security testing for cloud-based systems and applications. Cloud pen-testing validates the security of a cloud deployment, identifies overall risk and likelihood for each vulnerability, and recommends how to improve your cloud environment.
IoT Security Tests

Pen testers take the nuances of different IoT devices into account by analyzing each component and the interaction between them. By using the layered methodology, where each layer is analyzed, pen testers can spot weaknesses that may otherwise go unnoticed.
Social Engineering

Social engineering is a breach tactic, which involves using deception to gain access or information that will be used for malicious purposes. The most common example of this is seen in phishing scams. Pen testers use phishing tools and emails tailored to an organization to test defence mechanisms, detection and reaction capabilities, finding susceptible employees and security measures that need improvement.
Conclusion
Penetration testing can help to mitigate the threats of the above risks that your business may face. However, good security practices should be adopted in order to secure your business.
Reference :
check out the last blog:
https://blogs.techsnapie.com/check-out-the-dark-side-of-phishing-attack/