No automated technique can find every vulnerability type. Some categories, such as authorization issues and business logic flaws, will always require a skilled penetration tester. Penetration testers have become even harder to hire as demand for their skills has increased. Using penetration testing as the only way to assess an application is expensive and time-consuming. It can take weeks to perform a full penetration test on an application, with results that vary depending on the tester. As a result, most organizations use this method only where they need it to comply with regulations, or on an infrequent basis. Both the strength and the weakness of manual application security testing are the people who perform it. Findings missed because of a lack of process or an unskilled tester are real issues.