Licenses for any software tools should be obtained specifically for the client. For example, commercial security vulnerability scanning tools typically require license keys tailored to the client's IP addresses and/or URLs. Some of the more common tools used in security assessments include network scanners, Web application scanners, host assessment scripts, database analysis software, wireless access point detection gear, fuzzers and source/binary code review software. Specialists and technicians should be available as scheduled to perform their work so that downstream dependencies don't have to wait (e.g., the SQL expert should schedule his analysis so that the dependent Web application security review can also be completed in a timely manner).
This was first published in May 2008