Automated tools can be used to help find a variety of vulnerabilities, such as improper access controls or access control configurations, weak passwords, lack of integrity of the system software, or not using all relevant software updates and patches. There are two types of automated tools: (1) active tools, which find vulnerabilities by trying to exploit them, and (2) passive tests, which only examine the system and infer the existence of problems from the state of the system.
Several types of automated tools monitor a system for security problems. Some examples are virus scanners, checksumming, password crackers, integrity verification programs, intrusion detectors, and system performance monitoring.
- NIST Special Publication 800-14, at 25.