Uh-Oh...

Focus solely on external penetration testing is incorrect.
Explanation :
The necessity of a proactive and comprehensive approach, including threat modeling and secure design practices, is to mitigate risks associated with insecure software design, rather than relying on reactive measures or automated tools alone.