Aim of penetration testing (pen-testing) is to break into an application while closely approximating an attacker’s behavior. Typical approaches that rely heavily on the usage of security tools produce only tool-based results, and may limit the effectiveness. In order to closely approximate an attacker’s tactics, more of a mental shift, knowledge about the application, and motivation are required. This paper tries to bridge that gap, and aims to discuss advanced and sophisticated steps to make the pen-testing effort more effective, and optimize the skills of the pen-tester and the tools. Starting with planning, recon, deciding the attack surface, tool selection, and final closure, advanced penetration testing will take your understanding about the application to a different level. Overall, these steps will assist in reasonable assessment of the security posture of an application.