Is it the sole responsibility of the client to perform a retest to verify that the issued recommendations have been effectively implemented after the initial penetration test?
While clients may perform their own verification checks after implementing remediation strategies, it is a best practice for penetration testers to offer and sometimes conduct a retest. This helps to ensure that the changes were effective and that no additional vulnerabilities were introduced during the remediation process. It also provides the client with third-party validation of their security enhancements.