
Support/ maintenance travails - Why and how to audit legacy sites


As a Technical Team Lead in Continuous Delivery, I work mainly with support/maintenance offerings. Taking an existing site over from another team (internal OR external) is often a very daunting task. That's where Site Audits come into the picture. Some questions which site audits answer are:

How much is the code "hacked" - probably the most important question for all developers
Have the best practices been followed?
Is the server capable of handling the site?
Top level listing of technical debts
and many more such questions....


In this session, I will talk about the importance of site audits, the timing of site audits and also some tools and techniques which need to be used when auditing a site.


  1. Support / Maintenance travails: Why and how to audit legacy sites. Suchi Garg, Technical Team Lead
  2. Introductions!
  3. Maintenance contracts? → Business Owner perspective
  4. Maintenance contracts? → Developer Perspective: “Taking over an existing site from a contract developer or company that doesn't primarily build Drupal sites (or even some that do) can often be a daunting task”
  5. Site Audits!! In comes the Savior
  6. is a Site Audit? To put it simply - an audit is a run-through of the implementation of the Drupal site. A Drupal site audit is a process to establish a clear baseline about how a Drupal website is built and configured and how it functions. The site audit provides the foundation for knowing what is required to get your site to meet its business objectives. Unless a site is exceptionally well-documented, current and accurate, the audit is necessary before additional work is done to the site by a developer other than the one that built it. This avoids creating new problems on top of any that may already exist.
  7. Types of Site Audits
     → Acquisition Audits - generally done before buying new sites/businesses
     → Implementation Verification Audits - a customer wants to validate work done by their vendors - usually very brief engagements
     → Vendor Management Audit - done to switch vendors when the existing vendor is problematic
     → Support Audit - again very brief - but needed when the system needs to be moved to be supported by a different entity
  8. to do an audit?
  9. → A Site Audit helps us understand the exact “health” of the install - which in turn helps in contract negotiation.
     → It provides the client with an overview of where their site currently sits in terms of performance, security and general quality of the build.
     → It gives us a good idea of the estimated effort needed before "diving in".
     Ideally, site audits should be done before the contract is signed.
  10. The second best time to get a site audit done: BEFORE you actually write a single line of code.
  11. to do a Site audit? Get a local install done.
     → Get the FULL source code
     → Get the complete DB. If the data is sensitive - ask for obfuscated data.
     → Install the site on a local server/localhost.
     → Try to understand the architecture
  12. Tools Needed
  13. Hacked! (https://www.drupal.org/project/hacked): This module scans the currently installed Drupal core, contributed modules and themes, re-downloads them and determines if they have been changed. Changes are marked clearly, and if the diff module is installed then Hacked! will allow you to see the exact lines that have changed.
  14. Site Audit (https://www.drupal.org/project/site_audit): The Site Audit module gives us a general overview of common config options that should generally be set in a production environment, without manually checking them. This can give you a good idea of how performant the site is, so if speed has been an issue for your client's site then this can help. Site Audit runs as a standalone drush command.
  15. Security Review (https://www.drupal.org/project/security_review): The Security Review module does similar checks to the Site Audit module, but with a focus on security. An important one is making sure that inputs don't accept PHP and that no PHP or JavaScript code is currently contained within nodes and comments.
  16. Coder (https://www.drupal.org/project/coder): While not essentially a site audit tool, we always make sure to run our sites through Coder as well. Coder checks the Drupal install against coding standards and other best practices. A note here - it runs through the contributed AND the custom modules and themes.
  17. → Check the update status of core as well as contrib modules - have the latest security patches been applied?
     → You'll want to check for custom modules and take a look at what they're doing. Focus on:
        ▪ security holes
        ▪ performance problems
        ▪ beginner mistakes
        ▪ Was the custom module needed?
     → Take a look at the watchdog table if logging was turned on for the site (or look at the syslog). You'll want to see if any modules are causing things like PHP warnings, errors or 404s.
     → Also make sure you take a look at the theme(s) enabled on the site. You'll want to check things like the number of templates, the code in the templates and, most importantly, check for any funny business in the template.php file.
     → If possible - talk to the original developers of the site - they might even tell you pain areas - be polite!
  18. of a Site Audit? Usually a report is submitted after site audits - which has the following components:
     → Introduction - What is the site’s purpose, basic architecture, platform and modules used. Also discusses the implementations on a high level.
     → Findings - Lists out all the findings - both positive as well as negative
     → Improvement areas - what needs to be done to fix the problem areas
  19. can do a Site Audit? One word -
  20. Questions?
  21. Thank You
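
The comparison slide 13 describes for Hacked! (fetch a clean copy, then see what was changed) can be sketched as follows. This is an added example, not code from the slides or from the Hacked! module: it hashes a pristine tree and the audited tree and reports modified, added and missing files. The module name and file contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file()
    }


def compare_trees(pristine, installed):
    """Classify differences between a clean release and the audited copy."""
    clean, live = manifest(pristine), manifest(installed)
    return {
        "modified": sorted(f for f in clean.keys() & live.keys() if clean[f] != live[f]),
        "added": sorted(live.keys() - clean.keys()),
        "missing": sorted(clean.keys() - live.keys()),
    }


def run_sample():
    """Build a constructed pristine/installed pair on disk and compare them."""
    pristine_files = {
        "example_module.info": "name = Example\ncore = 7.x\n",
        "example_module.module": "<?php\nfunction example_module_menu() { return array(); }\n",
        "README.txt": "Example module.\n",
        "includes/helper.inc": "<?php\n// helper\n",
    }
    installed_files = dict(pristine_files)
    installed_files["example_module.module"] += "// local edit made directly in contrib code\n"
    installed_files["includes/old_copy.inc.bak"] = "<?php\n// leftover backup\n"
    del installed_files["README.txt"]

    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in (("pristine", pristine_files), ("installed", installed_files)):
            for rel, text in files.items():
                path = Path(tmp, tree, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(text)
        return compare_trees(Path(tmp, "pristine"), Path(tmp, "installed"))


if __name__ == "__main__":
    for kind, files in run_sample().items():
        print(f"{kind}: {files}")
```

In an audit, `compare_trees` would be pointed at a freshly downloaded release of the same version and at the module directory from the local install; every entry under "modified" or "added" is a file to review by hand.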
