A migration can be a pretty involved process. Losing or damaging data is the stuff of developer nightmares, so initiating the right tests is an essential step in the procedure. Once your migration is complete, you also want the reassurance of knowing that your website is safe and protected from security threats. As a general rule of thumb, regularly testing your website for weaknesses is good practice and something you shouldn’t overlook.
Lucky for you there’s a combination of tests can be carried out. They’ll be your top ways for ensuring your sites are in tip-top shape and nothing poses a threat to your website or its users. In this blog we cover the best 3 ways to test post-migration. Including common tests that developers or third-party security providers can carry out to help you prepare for a successful migration. Let’s get straight into it.
There are many tools out there, that can help carry out “Pen Tests” quicker and more efficiently. Here are a few you can use bellow.
Tools to help you:
- Use a website vulnerability scanner which will assess the security of your web applications. OpenVAS is a standard tool of the trade, or you can use Nessus.
- An excellent tool package for Pen Testers is Metasploit. It has a huge variety of built-in exploits to help you run a thorough Pen Test.
- For a really powerful tool that can scan over 1,000 web applications in less than 24 hours, you may want to consider Netsparker Security Scanner. This automatic web application can identify cross-site scripting and any exploitable SQL and XSS vulnerabilities.
Top tips for pen testing
1 Organise your assets
Check your inventory before initiating the Pen Test so that if your tester identifies an issue, you can immediately weed out the bad apple.
2 Establish how far and wide you want to test
Although it may seem excessive to check everything, it’s always advisable. Be thorough and ensure you have access to any remote devices for the Pen Test to be precise and effective.
3 Pen Testing isn’t just a box-ticking exercise
Not picking up on important vulnerabilities could cost your business money, clients, and your reputation. Take a thorough and proactive approach to mimicking the “baddies” so that you can really protect your business in the long run.
Website migrations, made simple.Our skilled support team will handle your website migrations – so you can focus on the bigger things.
You want to make sure that your website can handle all the users and data volumes that it receives before it goes live. Therefore it’s natural to carry out load testing to check it’s running smoothly after a migration.
Tools to help you carry out load testing:
Apache JMeter can simulate heavy loads on your servers and networks to analyse how they perform under the pressure of different load types. This open-source application is a must-have resource when preparing to launch a website into the real world. This is because it allows you to create custom load testing scripts to fit your requirements.
Silk Performer can test multiple application environments with a high volume of concurrent users. This tool can generate helpful reports and tables to facilitate customisation and is generally very user-friendly.
Load View will help you to stress test your website, web apps, and APIs with a multitude of concurrent connections. It’s entirely managed in the cloud and requires no hardware or network to maintain. You can design a variety of test scenarios to run even the most complex applications through their paces.
Top tips for load testing:
- If you haven’t integrated continuous testing in your procedures already, a migration might prompt you to start testing earlier on and more frequently. This is because the more prepared you are, the less likely you are to suffer setbacks due to significant unforeseen issues that only crop up once you do a big load test this can be particularly detrimental when your website needs to go live by a specific date to align with a promotional campaign or event.
- Contact your third-party partners and suppliers before you initiate a load test as it may influence their scripts on your site. By preparing them, you can ensure that small niggles don’t turn into big, ongoing problems.
Your SSL (Secure Sockets Layer) certificate provides authentication for your website and encrypts the connection. This certificate reassures users that their private information is safe particularly important if you collect credit card details or personal information (you’re very likely to be a target for hackers).
At Nimbus, we offer free SSLs when you use our home-grown hosting platform. It’s instant and automatically renews, making sure your website is always PCI and GDPR compliant. However, if you require a little more consumer confidence in your website, you should consider a paid for SSL from a more well know certificate authority. At Nimbus we supply DigiCert SSLs with free validation assistance and free installation on to any of our server packages. DigiCert secure 97 on the worlds top 100 banks with their SSLs!
Post-migration, if you’d like to ensure that everything is up to date, you can use Geekflare to test your Transport Layer Security (TLS) to make sure that secure communication is established.