Why are security tests preferably executed on the acceptance/test environment?

Different tests are performed during a security research. It is possible that vulnerabilities in the application are exploited during these tests. As a result, data may be changed or even deleted. To exclude this from the production environment, pentests are preferably performed on the acceptance environment (development or test environment). For results to be representative, we recommend using an exact copy of the production environment.

For tests that can not be carried out on the acceptance/test environment, these will be executed on the production environment. This always takes place in consultation with the client.