Once the organization makes the effort to identify and mitigate the vulnerabilities that are present in its internal network, it is necessary to raise the level of testing and validate that they are not exposed to an internal (or external) attacker being able to exploit any vulnerability and compromise the security of its information. It is important to run these types of tests to validate the effectiveness of the countermeasures applied to mitigate any identified vulnerabilities. To strengthen the effectiveness of this test, SISAP uses a tool that performs penetration tests in an automated way. This means that the test to be executed carries a double validation, one performed by the automated tool and another by the pentester in charge of executing the test.