Post migration test tips: penetration testing, load testing, SSL testing

Peter .

A migration can be a pretty involved process. Losing or damaging data is the stuff of developer nightmares, so initiating the right tests is an essential step in the procedure. Once your migration is complete, you also want the reassurance of knowing that your website is safe and protected from hackers and other security threats. As a general rule, regularly testing your website for weaknesses is good practice and something you shouldn’t overlook.

A combination of tests can be carried out to ensure that everything is in tip-top shape and nothing poses a threat to your website or its users. We’ve covered the most common tests that developers or third-party security providers carry out to help you prepare for a successful migration.

Penetration testing

There are many tools out there, that can help carry out “Pen Tests” quicker and more efficiently and therefore to help you out, we have outlined a few you can use below:

Tools to help you:

  1. The next step in a pen test is to use a website vulnerability scanner which will assess the security of your web applications. OpenVAS is a standard tool of the trade, or you can use Nessus.
  1. An excellent tool package for Pen Testers is Metasploit. It has a huge variety of built-in exploits to help you run a thorough Pen Test.
  1. For a really powerful tool that can scan over 1000 web applications in less than 24 hours, you may want to consider Netsparker Security Scanner. This automatic web application can identify cross-site scripting and any exploitable SQL and XSS vulnerabilities.


  • Organise your assets and check your inventory before initiating the Pen Test so that if your tester identifies an issue, you can immediately weed out the bad apple.
  • Establish how far and wide you want to test. Although it may seem excessive to check everything, it’s always advisable to be thorough and ensure you have access to any remote devices for the Pen Test to be precise and effective.
  • Pen Testing isn’t just a box-ticking exercise. Not picking up on important vulnerabilities could cost your business money, clients, and your reputation. Take a thorough and proactive approach to mimicking the “baddies” so that you can really protect your business in the long run.

Load testing 

You want to make sure that your website can handle all the users and data volumes that it receives before it goes live, therefore it’s natural to carry out load testing to check it’s running smoothly after a migration.

Tools to help you carry out load testing:

  1. Apache JMeter can simulate heavy loads on your servers and networks to analyse how they perform under the pressure of different load types. This open-source application is a must-have resource when preparing to launch a website into the real world because it allows you to create custom load testing scripts to fit your requirements.
  1. Silk Performer can test multiple application environments with a high volume of concurrent users. This tool can generate helpful reports and tables to facilitate customisation and is generally very user-friendly.
  1. Load View will help you to stress test your website, web apps, and APIs with a multitude of concurrent connections. It’s entirely managed in the cloud and requires no hardware or network to maintain. You can design a variety of test scenarios to run even the most complex applications through their paces.


  • If you haven’t integrated continuous testing in your procedures already, a migration might prompt you to start testing earlier on and more frequently. This is because the more prepared you are, the less likely you are to suffer setbacks due to significant unforeseen issues that only crop up once you do a big load test this can be particularly detrimental when your website needs to go live by a specific date to align with a promotional campaign or event.
  • Contact your third-party partners and suppliers before you initiate a load test as it may influence their scripts on your site. By preparing them, you can ensure that small niggles don’t turn into big, ongoing problems.


Your SSL (Secure Sockets Layer) certificate provides authentication for your website and encrypts the connection. This certificate reassures users that their private information is safe particularly important if you collect credit card details or personal information (you’re very likely to be a target for hackers).

At Nimbus, we offer free SSLs when you use our STORM hosting platform. It’s instant and automatically renews, making sure your website is always PCI and GDPR compliant. However, if you require a little more consumer confidence in your website, you should consider a paid for SSL from a more well know certificate authority. At Nimbus we supply DigiCert SSLs with free validation assistance and free installation on to any of our server packages. DigiCert secure 97 on the worlds top 100 banks with their SSLs!

Post-migration, if you’d like to ensure that everything is up to date, you can use Geekflare to test your Transport Layer Security (TLS) to make sure that secure communication is established.

These are just a few of the most useful tools you should look at adding to your kit. You can also have a look at our migration kit if you’d like to avoid all the common pitfalls of changing hosting providers. It’s important to remember that your website and applications should be regularly tested so that optimum security is maintained. This will save you time and effort when it comes to an actual migration and will ensure that your website is always performing at its best.  
Migration kit download

Nimbus Hosting
1 Centrus, Mead Lane Hertford Hertfordshire SG13 7GX GB 0203 005 9181 [email protected]