Since testing is the primary goal here, I won’t discuss the security practices related to Windows+Apache+MySQL+PHP. But with a simple step you can secure your test server from external attacks: configure your firewall to block all Internet access to the server, as only your computer or your local network needs access to it.
On other hand, don’t think that test servers don’t need any protection. If you leave the server open to Internet, you’ll be exposed in the same way as production web sites, since hackers/crackers usually scans ranges of IP …

When you are making a web page, the easiest way of view a page stored in your hard disk is double-clicking in the file, which usually results in the page being opened in your default browser. But this method it’s good enough for simple static pages, it’s not useful if you are using server side languages (PHP, Perl, ASP…), or even for pages that are static but use links relative to the server root (like “/index.html” or “/css/styles.css”). In this situations the solution is either upload the files to the …