Summary

Tools don’t fix problems. They can only identify problems—and then, only the ones that are known. Security tools are important and help to address security issues in your networks and the environment, but you can’t stop there. Any given tool can produce false positives, false negatives, or simply wreak havoc on your network. You need to plan to use these tools at the appropriate time, and you will also need a remediation plan to address how discovered problems will be addressed.

The vulnerability assessor must be trained in the use of the tools, use them carefully, and then interpret any information that has been produced by that tool. Finally, you should never use these tools on a network unless you have been given explicit permission in writing to do so. You run the risk of being considered a Black Hat, you may face legal penalties, and anyway, it is simply polite to ask.