Understanding What and Where to Test during Automated Security Testing