An efficient pentesting methodology can be the most important part of effective work.
A simple case: log into the admin account.
I could have launched Burp Suite or started brute-forcing my way into the account. Or, in my case, just look at the source code.
In just 30 seconds, I am in.
Is it a common occurrence for a developer to be this careless? Fortunately, no. However, having logical steps in your method saves time and effort and makes your job as efficient as possible.