The goal of these tests is to pinpoint security threats that emerge locally. For example, there could be a flaw in a software application running on the user’s workstation which a hacker can easily exploit.
These may be programs or applications like Putty, Git clients, Sniffers, browsers (Chrome, Firefox, Safari, IE, Opera), and even presentation as well as content creation packages like MS Power Point, Adobe Page Maker, Photoshop, and media players.
In addition to third-party software, threats could be home grown. Using uncertified OSS (open source software) to create or extend home made application could cause severe threats that one can’t even anticipate. Therefore, these locally developed tools should also pass through the penetration test cycle.