Security-testing, also called penetration testing, is a very specialized profession. The testing results and the quality of the security testing may vary without proper guidance, training, and tools. It's suggested to have an internal security-testing knowledge portal, which can include the security-testing guidelines, best practices, instructions, tools, and the training environment. An Open Web Application Security Project (OWASP) security-testing knowledge kit can be used to build such a knowledge portal. The following table gives an overview example of what the whole security-testing knowledge kit should cover: