Penetration tests by CIEX, Inc. are performed manually rather than by a scanner. Scanners almost never catch application logic errors. Manual penetration testing develops a deeper understanding of the application and checks for logic flaws, such as multi-tenancy, cross-account attacks, latent database attacks, and server-side request forgeries.
Our tests are also guided by the “Ninja Threat Model”, one key element of which is that an attacker can use a client different than the ones that the developer expects. This includes the ability to completely reverse engineer the client to expose any secrets that are there, in addition to defeating any protections built into the client.
Further, the Ninja Threat Model presumes that the attacker is able to sit on the network segment as the application, totally defeating any firewall protection. Further, the source to the application can obtained, or deduced from reverse engineering.
Additionally, we pay particular attention to encryption, which is very often misused, sometimes in a manner resulting in total compromise, password storage and file upload and download.
(Credit to Cory Scott of Matasano for this model).
In addition, CIEX references the OWASP model of testing. In addition, there is an 800-point checklist, where we choose element of this that fits the profile, scope and technology of the application.