* Known vulnerabilities. Much progress has been made to describe and categorize known vulnerabilities in a structured way. Attack databases, such as the Common Vulnerabilities and Exploits (CVE) list and Computer Emergency Response Team (CERT) advisories, identify security issues and offer demonstrative exploits. Automated testing of these exploits can be a great timesaver, while simultaneously extending security coverage. Look for security test tools that can step through a desired set of vulnerabilities.
* Mobile device emulation. Steve Jobs was right: We live in a post-PC era. Today it's equally likely that network connections will originate from a phone or tablet as from a PC -- and that means security testing needs to emulate these mobile devices.
While mobile and desktop environments have some things in common, there are significant differences down the protocol stack. Consider that TCP -- which carries 90% or more of all Internet backbone traffic -- has more than 300 variants, with nearly 100 for Windows alone. An effective security test tool should be able to model enterprise traffic in a meaningful way, regardless of whether that traffic comes from mobile or fixed sources.
Mobile devices also may use authentication protocols such as 802.1X and/or RADIUS that are not used by wired clients. Similarly, mobile devices -- especially those used by guests -- may reside in specially quarantined subnets, again with different access privileges than wired clients. Security test tools must be able to model the mobile device environment in a meaningful way.
* BYOD. In a related development, many organizations have embraced the "bring your own device" movement, allowing employees and contractors to reach enterprise network resources using their own computers, phones and tablets. There are numerous pros and cons to BYOD, and enumerating all the various security policy issues is well outside the scope of this article. However, once an enterprise decides to proceed with BYOD, it's clear that security testing is an essential part of any well-managed rollout.