[dmayer]

Yea, I think a better term would be application security assessment where one tests the application for security flaws. Penetration testing stems originally from network security where one actually tries to penetrate a network. It's not a great term for software, I agree.

[bartbes]

I think the intent here is to decrypt and then reverse engineer the network traffic, so they can then check for vulnerabilities server-side. So they aren't auditing the application, they're just trying to find a way in.

[wglb]

(You are plying to the author of the article, possibly intending to reply to the parent.)

This is part of auditing an application. Finding a way in is only one step of the process.