Cloning systems for testing

How practical / realistic is it, when the pen testers come in, to clone applications/servers so they can run their pen test tools on a cloned environment that mirrors the live application and infrastructure, for business continuity purposes? Say we have an ASP.NET IIS/SQL Server web app, but we don't want them running thorough attack tools against the live system: is it easy to make a replica copy and let them run their tools and manual tests against a clone? Does cloning it mess up all the code, i.e. will the app not work if you essentially pick it up and move it? Any feedback welcome - management speak preferred.
pma111 Asked:
 
dan4132 Commented:
What about using something like VMware to do this? Make an image of your server and upload it to a VM? That way you could run as many VMs as you wanted (resources allowing, of course) and not have to worry about crashing the Live products.
0
 
pma111 Author Commented:
Will a clone of the app not affect its functionality?
0
 
OP_Zaharin Commented:
- Cloning or setting up a copy of the production database for testing purposes is the right approach. We did not want the production data to be messed up by the test and we did not want any performance affected prior to the test. Further to that, the tester will also get to test on 'real' data as of the cloning date.

- However, they might complain - "it is not the real environment" - and insist on doing it on the production server, as it is understood that they have to provide a detailed report on every aspect. You can argue back by telling them to prove that their test tool works on the cloned environment first before going to prod.

"is it easy to make a replica copy"
- Depending on what database/application you use. The product might have a special feature or function to do cloning/copying.

"Does cloning it mess up all the code, i.e. will the app not work if you essentially pick it up and move it?"
- Do you mean your application code? You can set up the clone database and application server on another server (not on the prod server), and configure your 'clone' application to read the clone database instead. You also might need to install and set up any 3rd party software/library that is used by that application (if such is used). This is to ensure no functionality is affected. It might require additional work to do so, but this will ensure your production db and app are safe.
0
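A check to run on the clone before testers start, as an added example that is not part of the original thread: it reads the copied web.config and lists any connection string or appSettings value that still names a production host. The file contents and host names (PRODSQL01, CLONESQL01, pay.prod.example.com) are constructed for illustration, and the production host list is assumed to be supplied by whoever owns the live system.

```python
import re
import xml.etree.ElementTree as ET

# Keywords SqlClient accepts for the server name in a connection string.
SERVER_KEYS = {"data source", "server", "address", "addr", "network address"}

# Constructed sample: a web.config copied to the clone with two entries left unchanged.
SAMPLE_WEB_CONFIG = r"""<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="AppDb" connectionString="Data Source=tcp:PRODSQL01\APP,1433;Initial Catalog=Shop;Integrated Security=True" />
    <add name="ReportDb" connectionString="Server=CLONESQL01;Database=Reports;Integrated Security=True" />
  </connectionStrings>
  <appSettings>
    <add key="PaymentApi" value="https://pay.prod.example.com/v1" />
    <add key="PageSize" value="25" />
  </appSettings>
</configuration>"""

def sql_server_host(conn_str):
    """Return the lower-cased host named by a SQL Server connection string, or None."""
    for part in conn_str.split(";"):
        key, _, value = part.partition("=")
        if key.strip().lower() in SERVER_KEYS:
            host = re.sub(r"^(tcp|np|lpc):", "", value.strip(), flags=re.I)
            return re.split(r"[\\,]", host)[0].lower()  # drop \instance and ,port
    return None

def audit_clone_config(xml_text, production_hosts):
    """List (section, name, host) for every setting that still names a production host."""
    prod = {h.lower() for h in production_hosts}
    root = ET.fromstring(xml_text)
    findings = []
    for add in root.findall("./connectionStrings/add"):
        host = sql_server_host(add.get("connectionString", ""))
        if host in prod:
            findings.append(("connectionStrings", add.get("name"), host))
    for add in root.findall("./appSettings/add"):
        value = add.get("value", "").lower()
        for host in sorted(prod):
            if host in value:
                findings.append(("appSettings", add.get("key"), host))
    return findings

if __name__ == "__main__":
    for finding in audit_clone_config(SAMPLE_WEB_CONFIG, ["PRODSQL01", "pay.prod.example.com"]):
        print("still points at production:", finding)
```

An empty result only covers settings stored in web.config; host names compiled into the application or held in the database need a separate check.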
Question has a verified solution.