Hackers can be found outside or inside your organization. If the threat from outside your organization is to be tested it is advised to commission a so-called "Perimeter Test" in which access to your organization from the outside is tested. Recently however it has become clear that many of the threats come from the inside. This does not necessarily mean that regular employees are not trustworthy. But just consider the number of temp staff, maintenance and housekeeping employees, consultants or support personnel from other companies. Maybe your premises are occasionally open to the public, or used for festivities and social activities? We have also come across organizations that offered access to their network from remote unprotected locations for instance to perform measurements in the field. Last but not least there can be connections from the local company network to networks from outsourcing parties, banks or information sources like "Reuters".
As can be concluded from the above it is not always clear what is outside and what is inside. An "Interior Test" can be ordered to test the vulnerability for these inside threats. Of course a specific test can be defined to test vulnerability for threats from a specified location for instance a partner network.