A question not enough people ask is how much of the testing is automated versus manual. While automated tools are a brief step early in our process, the large majority of our testing is manual. The amount of manual work varies from project to project, but around 80% of a large infrastructure pentest is hands-on. For web application penetration tests, around 95% of the pentest is hands-on. It is safe to assume that for CREST-approved pentesting, the hands-on proportion is higher still.
This isn't to say automated vulnerability scanners don't have a place: vulnerability scans are quick and simple tools that should be run on a regular basis to identify missing patches or outdated software in larger, less well-known environments.