Explore a thought-provoking conference talk that challenges the conventional wisdom surrounding penetration testing in cybersecurity. Delve into Rory McCune's presentation at Security BSides London, where he argues why the practice of penetration testing must evolve. Over the course of 26 minutes, examine the limitations of black box testing, the overloaded terminology in the field, and the challenges faced by clients who may not be fully prepared for such assessments. Investigate the complexities of application security assessments, data security concerns, and the legal implications of penetration testing. Gain insights into potential solutions for improving cybersecurity practices, including the importance of realistic testing environments and the underrated value of lab-based assessments. Discover why predicting human behavior in security contexts is crucial and how the industry can address the legal challenges associated with penetration testing.