External pen-testing is the traditional, more common approach to pen-testing. Black Hats are always keenly looking for vulnerable public acing applications. So in this case we as a security consultant aims to target the system from black hat’s perspective and find out flaws in it which gets reported. It addresses the ability of a remote attacker to get to the internal network. The goal of the pen-test is to access specific servers and crown jewels within the internal network by exploiting externally exposed servers, clients, and people. Whether it's an exploit against a vulnerable Web application or tricking a user into giving you his password over the phone, allowing access to the VPN, the end game is getting from the outside to the inside.