As a professional web app pentester, you must conduct yourself and your activities in an organized and professional manner. This is extremely important since your activities are virtually indistinguishable from a real attacker. The name of the game is to protect yourself! Key components of pentesting best practices are: - Gain written permission about what, how, and when things will be tested. - Create documentation that records the tests such as output from wireshark and tcpdump along with logs about what you did. - Build reports about what was discovered and how to fix vulnerabilities. - Establish a good working relationship with other departments to stave off any potential misunderstandings during testing.