Cloning systems for testing

Posted on 2011-04-27
Last Modified: 2012-06-27
How practical / realistic is it, when the pen testers come in, to clone applications/servers so they can run their pen test tools on a cloned environment that mirrors the live application and infrastructure, for business continuity purposes? Say we have an IIS/SQL Server web app, but we don't want them running thorough attack tools against the live system: is it easy to make a replica copy and let them run their tools and manual tests against a clone? Does cloning it mess up all the code, i.e. will the app not work if you essentially pick it up and move it? Any feedback welcome - management speak preferred.
Question by: pma111
    LVL 3

    Accepted Solution

    What about using something like VMware to do this? Make an image of your server and upload it to a VM? That way you could run as many VMs as you wanted (resources allowing, of course) and not have to worry about crashing the Live products.
    LVL 3

    Author Comment

    Will a clone of the app not affect its functionality?
    LVL 23

    Assisted Solution

    - Cloning or setting up a copy of the production database for testing purposes is the right approach. We did not want the production data to be messed up by the test, and we did not want any performance affected prior to the test. Further to that, the tester will also get to test on 'real' data as of the cloning date.

    - However, they might complain - "it is not the real environment" - and insist on doing it on the production server, as it is understood that they have to provide a detailed report on every aspect. You can argue back by telling them to prove that their test tool works on the cloned environment first before going to prod.

    "is it easy to make a replica copy"
    - Depending on what database/application you use. The product might have a special feature or function to do cloning/copying.

    "Does cloning it mess up all the code, i.e. will the app not work if you essentially pick it up and move it?"
    - Do you mean your application code? You can set up the clone database and application server on another server (not on the prod server), and configure your 'clone' application to read the clone database instead. You also might need to install and set up any 3rd-party software/library that is used by that application (if such is used). This is to ensure no functionality is affected. It might require additional work to do so, but this will ensure your production db and app are safe.
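
The check below is an added example, not part of the original answers: before a cloned IIS/SQL Server app is handed to testers, it confirms that no connection string in the clone's web.config still names a production database server. The sample web.config and the host names (sqlclone01, SQLPROD01.example.internal) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Keys that name the server in a SQL Server (SqlClient) connection string.
SERVER_KEYS = {"data source", "server", "address", "addr", "network address"}

# Constructed sample: a cloned web.config where one entry was not repointed.
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="AppDb" connectionString="Data Source=sqlclone01\\APP;Initial Catalog=App;Integrated Security=True" />
    <add name="Reporting" connectionString="Server=tcp:SQLPROD01.example.internal,1433;Database=Reports;Integrated Security=True" />
  </connectionStrings>
  <appSettings><add key="Mode" value="test" /></appSettings>
</configuration>"""

def server_of(conn_str):
    """Return the lower-cased host named in a connection string, or None."""
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        if sep and key.strip().lower() in SERVER_KEYS:
            host = value.strip().lower()
            if host.startswith("tcp:"):
                host = host[4:]
            # Drop ",port" and "\instance" so only the machine name is compared.
            return host.split(",")[0].split("\\")[0]
    return None

def production_references(web_config_xml, production_hosts):
    """List (name, host) for every connection string that targets production."""
    # List both short names and FQDNs of production servers; matching is exact.
    prod = {h.lower() for h in production_hosts}
    hits = []
    for add in ET.fromstring(web_config_xml).iter("add"):
        conn = add.get("connectionString")
        if conn is None:  # appSettings entries have no connectionString
            continue
        host = server_of(conn)
        if host in prod:
            hits.append((add.get("name"), host))
    return hits

if __name__ == "__main__":
    for name, host in production_references(
            SAMPLE_WEB_CONFIG, ["sqlprod01", "sqlprod01.example.internal"]):
        print(f"connection string '{name}' still points at production host {host}")
```

An empty result means every connection string in the clone has been repointed; any hit should be fixed before testing starts, since test traffic would otherwise reach the live database.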
