Automated Tools for Testing Computer System Vulnerability



William T. Polk


Computer security "incidents" occur with alarming frequency. The incidents range from direct attacks by both hackers and insiders to automated attacks such as network worms. Weak system controls are frequently cited as the cause, but many of these incidents are the result of improper use of existing control mechanisms. For example, improper access control specifications for key system files could open the entire system to unauthorized access. Moreover, many computer systems are delivered with default settings that, if left unchanged, leave the system exposed. This document discusses automated tools for testing computer system vulnerability. By analyzing factors affecting the security of a computer system, a system manager can identify common vulnerabilities stemming from administrative errors. Using automated tools, this process may examine the content and protections of hundreds of files on a multi-user system and identify subtle vulnerabilities. By acting on this information, system administrators can significantly reduce their systems' security exposure. This document examines basic requirements for vulnerability testing tools and describes the different functional classes of tools. Finally, the document offers general recommendations about the selection and distribution of such tools.
Special Publication (NIST SP) - 800-6


Keywords: change detection, computer security, configuration review, identification of vulnerabilities, secure audit, Trojan horse detection, vulnerability testing


Polk, W. (1992), Automated Tools for Testing Computer System Vulnerability, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed May 24, 2024)



Created December 1, 1992, Updated May 4, 2021