[lucb1e]

As a tester, I don't know what you mean. I make my own tests, like, there's nobody telling me which checklist to work down when testing a particular webpage. Or do you mean the conceptual tests, i.e. finding whole new concepts such as XSS or <insert favorite javascript library> template injection?

Edit: From a comment[1] that happened to be just below yours when I loaded the page (emphasis mine):

> If penetration testing is your job [...] run a bunch of scripts/tools against a list of IP addresses/hostnames and generate a template-based report. That is tedious, mindless work.

> There's "security consulting" too which often involves at lot of actual penetration testing (not just running scripts)

Is that the distinction you're trying to make? I happen to be in the latter category but perhaps I'm branding myself wrong when I say I'm a tester (my business card says consultant, not tester, but I also test things so I felt addressed when you said tester).

[1] https://news.ycombinator.com/item?id=26057031