Manual vulnerability assessment is one of the best-preferred options. It benefits from the expertise of the well-trained security professional. A manual testing approach involves detailed scoping, planning, information gathering, vulnerability scanning, assessment, and exploitation. Hence, it is certainly more time and resource-consuming than the automated test, however, it is less likely to produce false positives.

Quite often, organizations and vulnerability assessment teams prefer to use a combination of automated and manual testing in order to get the best out of both.