A method, apparatus, system, and computer program product for performing security testing. Information about successful payloads in payloads is determined by a computer system using crowd-sourced data in which a successful payload is a payload used in a successful attack. A set of popular payloads is determined by a computer system from the payloads using information about the successful payloads determined using the crowd-sourced data. Testing is focused by the computer system on the set of popular payloads based on a set of key features for the set of popular payloads.