Pentesting cryptographic parameters

Applications where information is being sent to third parties, such as endpoints from shopping portal to payment gateway information, such as credit card details, the information is encrypted by a mutually agreed upon key. An automated scanner will not be able to scan such instances. If any endpoint is left exposed accidentally by the application, then by manual analysis, the pentester can test these cryptographic parameters for vulnerabilities.