Stick a machine on an unprotected DSL connection, simulate an attack with a port scanner or grab some virii from your stash (you have a stash from past attacks, right?).
That and real life are how I've tested. You can also find test exploits looking on the web and sometimes from security sites like SANS and Secunia.
Good luck!
Tom S