Instead of utilizing personal expertise, some organizations and security testing teams prefer to automate security testing. This is typically done with help of a tool which is run against the host of target systems in order to assess the security posture. The tool tries to simulate real-world attacks that an intruder might use. Based on whether the attack succeeded or failed, the tool generates a detailed report of the findings. The automated test can be easy and quick to perform, however it may produce a lot of false positives. Automated testing can also not assess architecture-level security flaws (design flaws), business logic flaws, and any other procedural shortcomings.