January 11, 2021

If my staging environment mirrors production, isn’t that the same as testing prod but safer?

My opinion: if your staging environment is **exactly the same** as production, then it is valid to security test it and expect the same results. But your staging environment is likely a test bed to flush out bugs that are hard to debug in production. Most staging environments run the same software as their production counterparts, but the scale (number of servers, data centers, etc.), network rules and infrastructure are far different, to lessen the cost. Even a simple example of production spanning 3 data centers vs. a single DC for staging is a large difference to an attacker, who is looking at surface area as part of their attack.

Other thoughts?
