Enterprise security testing: What are you missing?