Without due consideration of the following points, the introduction of tools and the use of these in a penetration test can often end up being an expensive waste of time.: a solid understanding of the system being tested, the types of vulnerabilities and how to exploit them, the processes and especially the business processes involved and the relationship between the various systems.