Sometimes a tester cannot virtualize a system to do the proper penetration testing. What action should be taken if a system cannot be tested in a virtualized environment?
- a full backup of the system
- rebuild the system after any test is performed
- adopt penetration test tools that will certainly not damage the system
- a complete report with recommended repairs
Explanation & Hints: Being able to recover your production environment is important for many reasons. When doing penetration testing, the tester will break things no matter what tools are adopted. Sometimes when things are broken, they do not recover without support. Using some virtual environment is ideal as it offers snapshots and restore features for the system state. In such a case that the system cannot be virtualized, having a full backup of the system or environment is required. |