WEB APPLICATION PENETRATION TESTING
The following is an extract from Veracode's official website.
When searching for vulnerabilities in websites and web apps, manual web application penetration testing is essential. Automated penetration testing tools simply can’t find every flaw – sometimes, it takes the skill and insight of the manual tester to identify complex authorization issues or business logic flaws. Manual web application penetration testing is most effective and cost-efficient when combined with other scanning technologies. Manual testing on its own can be quite expensive and time-consuming, taking weeks to perform a full penetration test. That’s why, when choosing technologies that can deliver state-of-the-art application security, more leading companies today turn to web app penetration testing solutions from Veracode. With a full complement of testing solutions built on a leading application security platform, Veracode helps organizations to better protect the software that drives business results.
Without being biased, I can see the above is an honest and true description of pen testing.
Emphasis has been on pointing out that pen testing is not something which can simply be done with a tool. Pen testing is more complex and time-consuming. Also, each website/web application is different.
While searching for "pentesting web applications" we may end up with "Vulnerability Management Tools". Many companies might market their "Vulnerability Management/Scanning" as "Pen Testing", but these are in fact not the same thing.
REFERENCE: https://www.veracode.com/security/web-application-penetration-testing