As a pentester, auditor, or risk assessor, it is important to understand the difference
CAPTCHA is a valid security control. However, lack of it may not be a valid vulnerability in all cases, and 'lack of CAPTCHA' is definitely not a risk. It may be part of a risk.
Cybersecurity is one of the buzzwords promising la-la land these days. Everyone is running towards it. However, it will help if one is aware of the 2 big risks.
My 2 cents on a day in a pentester's life, from the vantage point of someone who does it (sometimes) but observes it (a lot). TLDR - it is not all pentesting!
How to get more value out of a pentest.
This is a live post; it will undergo changes, which are captured in the change log provided at the end of this post.
assuming you have a valid account with Tenable and have paid for your license.