What's the Difference Between an Internal Web App and an External Web App Penetration Test?
An internal web application is one that you design to live exclusively on your internal network, so it is reachable only by internal users. If compromised by someone who already has some level of privilege on the network, that is, an internal or third-party user (an insider threat), the app could allow access to your local data within the application, and probably to the server where the application is hosted as well.
On the other hand, an external web app is intended for just that: external use beyond your team. A penetration tester performing an external web app test would mimic the steps a cybercriminal could take to breach the application, leveraging open-source intelligence and pursuing technological flaws in the app software itself to gain access.