Two very important questions

Now that I have planted my foot in the door with this program and am receiving a good response, I want to set some security in place for myself.  First and foremost is what is the best way to go about doing a backup for my site?  Secondly I want to consider setting up a test server.  Now I only have one domain...is it not smart to do a test setup on the same server running as my live database?  should I buy a domain just for testing?  What do others do?  Thanks everyone!