In any application or network, there are weaknesses or flaws an attacker could exploit to impact data confidentiality, integrity, or availability. The testing goal is the same when performing application and network pentesting.
Pentest results include an output list of vulnerabilities, the risks they pose to the network or application, and a concluding report. Report types vary based on the pentest being conducted, but generally include an executive summary, scope of work, methodology, summary of findings, recommendations, post-test remediation, and finding details.
Vulnerabilities found during a pentest can be used to modify your existing security policies, patch your applications and networks, identify common weaknesses across your systems, and help strengthen the overall security posture of your systems and organization.