well basically you need a understanding of computers vunerbilites how the network works how to hack and how to block hackers from hacking scanning sites and finding exploitable stuff.

i personaly use compact core something like that to scann websites also i use acunetix for another scanner.