US9990499B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9990499-B2 |
| Application number | US-201313959640-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 5, 2013 |
| Priority date | Aug 5, 2013 |
| Publication date | Jun 5, 2018 |
| Grant date | Jun 5, 2018 |
Official abstract text for this publication.
A method and system for discovering and testing security assets is provided. Based on source definition data describing sources to monitor on the one or more computer networks, an example system scans the sources to identify security assets. The system analyses the security assets to identify characteristics of the server-based applications. The system stores database records describing the security assets and the identified characteristics. The system queries the database records to select, based at least on the identified characteristics, one or more target assets, from the security assets, on which to conduct one or more security tests. Responsive to selecting the one or more target assets, the system conducts the one or more security tests on the one or more target assets. The system identifies one or more security vulnerabilities at the one or more target assets based on the conducted one or more security tests.
Opening claim text (preview).
What is claimed is:

1. A computer system comprising:

a first repository of source definition data describing sources to monitor on one or more computer networks;

one or more input collectors, coupled to the one or more computer networks, that are configured to: scan the sources, and identify security assets, wherein the security assets comprise server-side interfaces by which server-based applications interact with client computers over the one or more computer networks;

a second repository of security asset data that is configured to receive, from the one or more input collectors, data describing the identified security assets;

a security asset analysis component, coupled to the second repository, that is configured to: analyze the security assets described by the security asset data, identify characteristics corresponding to the security assets, and update the second repository to associate each of the security assets with one or more of the corresponding identified characteristics;

a query component, coupled to the second repository of security asset data, that is configured to: receive queries for a first set of particular security assets each having one or more particular characteristics, and receive the first set of particular security assets from the second repository of security asset data based in part on comparing the one or more particular characteristics to the identified characteristics, wherein the first set of particular security assets includes a first security asset on a first source and a second security asset on a second source;

a prioritization component, coupled to or embedded in the query component, that is configured to generate priority data for sets of particular security assets based on corresponding characteristics of the identified characteristics;

one or more monitoring components, coupled to the one or more computer networks, that are configured to: detect, after the updating of the second repository to associate each of the security assets with the corresponding one or more of the identified characteristics, changes to the server-based applications, and identify target assets to be submitted to a test management engine based at least on one of the detected changes to the server-based applications corresponding to a particular target asset of the target, wherein the detected changes to the server-based applications comprise one or more changes made to the server-based applications that indicate a possible new security vulnerability to the server-based applications;

the test management engine, coupled to the one or more computer networks, that is configured to: receive requests to execute security tests on the target assets of the security assets, identify security vulnerabilities based on executing the security tests on the target assets, receive the priority data, and test the target assets in orders indicated by the priority data;

a third repository of security test data that is configured to receive, from the test management engine, results for the security tests, including vulnerabilities data describing the security vulnerabilities; and

a reporting component that is configured to generate reports of the identified security vulnerabilities based on the third repository of security test data.

2. The system of claim 1, wherein the one or more input collectors include one or more of: an Internet Protocol scanner that scans ranges of addresses specified by the source definition data; a virtual server scanner that accesses virtual server account configuration data, at locations specified by the source definition data, to identify virtual server instances; or a Domain Name Server scanner that scans domain name server records specified by the source definition data.

3. The system of claim 1, wherein the test management engine is configured to receive a first request, of the requests, to execute a first set of the security tests on the first set of particular security assets retrieved by the query component.

4. The system of claim 1, wherein the security asset data for a particular security asset of the security assets include one or more of: a location at which the particular security asset is accessible, wherein the location is one of an Internet Protocol address or hostname; one or more available ports at the location; a first timestamp for when the particular security asset was first identified based on scanning the sources; a second timestamp for when the particular security asset was last identified based on scanning the sources; or a third timestamp for when a particular set of one or more of the security tests was last performed on the particular security asset.

5. The system of claim 1, wherein the one or more monitoring components include one or more of: an inventory monitoring component that is configured to monitor the security asset data for changes in the security asset data or identified characteristics; a versioning monitoring component that is configured to monitor versioning information associated with the security assets; a site content monitoring component that is configured to monitor for changes in web pages output from the security assets; a source code monitoring component that is configured to monitor for changes in source code associated with the security assets; or an application programming interface monitoring component that is configured to monitor for changes in application programming interfaces associated with the security assets.

6. The system of claim 1, further comprising a scheduling component that is configured to cause a particular target asset of the target assets to be submitted to the test management engine at least because a certain period of time has elapsed since the particular target asset was last tested.

7. The system of claim 1, further comprising a logic component that is configured to automatically select which security tests, of a plurality of possible security tests, to perform on which security assets, based on the identified characteristics.

8. The system of claim 1, wherein the one or more input collectors are configured to periodically scan the sources to identify new security assets that come online over the one or more computer networks.

9. The system of claim 1, wherein the security asset data for a particular security asset of the security assets includes one or more general characteristics, the one or more general characteristics including one or more of: one or more application services provided by the particular security asset; contact information for a project owner for the particular security asset; or a description of the particular security asset.

10. The system of claim 1, wherein the security asset data for a particular security asset of the security assets includes one or more exposure characteristics, the one or more exposure characteristics including one or more of: an indication of whether the particular security asset is accessible from a particular external Internet Protocol address; or an indication of whether the particular security asset is behind a load balancer.

11. The system of claim 1, wherein the security asset data for a particular security asset of the security assets includes one or more encryption characteristics, the one or more encryption characteristics including one or more of: an indication of whether the particular security asset is an encrypted service; a certificate authority that issued a Secure Socket Layer certificate for the particular security asset; or Secure Socket Layer characteristics associated with the particular security asset.

12. The system of claim 1, wherein the
Assessing vulnerabilities and evaluating computer system security · CPC title