1 . 1
How to audit Drupal Sites
2016.05.11 | DrupalCon New Orleans
about.me/jonpeck @fourkitchens
1 . 2
Jon Peck
Software Architect at Four Kitchens
github.com/fluxsauce
drupal.org/u/fluxsauce
2 . 1
What is an audit?
Official inspection of accounts
Validate the good things
Highlight areas of improvement
2 . 2
Why audit sites?
Learn about contents and structure
Ensure optimal configuration
Discover areas of improvement
2 . 3
Every site is unique, but...
Built with the same framework
Similar architectural requirements
One size fits most
2 . 4
Effective auditing
Consistent
Quantifiable
Contextually aware
Easy to understand
Actionable recommendations
4 . 1
Site Audit
Drupal 7 and 8 site analyzer
Drush command on target platform
Powers Launch Check on Pantheon
drupal.org/project/site_audit
4 . 2
What does Site Audit report?
Best Practices
Block
Cache
Codebase
Content
Cron
Database
Extensions
Front End
Security
System Status
Users
Views
Watchdog
4 . 10
Extending Site Audit
Modules can implement both Checks and Reports
Documentation in README.md
Drupal.org Issue Queue
GitHub Pull Requests
5 . 2
Unused Modules
Lists projects that can be safely deleted
Ignores disabled child modules
drupal.org/project/unused_modules
5 . 3
Security Review
Checks site and hosting configuration, site content
drupal.org/project/security_review
5 . 4
Hacked!
Compares contrib with versions on drupal.org
drupal.org/project/hacked
5 . 5
Sensitive Data
Search content for sensitive information, like credit card or ID numbers
drupal.org/project/sensitive_data
5 . 6
Cache Audit
Caching settings of Drupal core, Block, Views, Panels
Panels is unique (not in Site Audit)
drupal.org/project/cacheaudit
5 . 7
PHP_CodeSniffer / Coder
Use Drupal 8 version to analyze code on both 7 and 8
Drupal and DrupalPractice sniffs
Detect deviations from Drupal Coding Standards
github.com/squizlabs/PHP_CodeSniffer
drupal.org/project/coder
6
PHP Tools
PHP Copy/Paste Detector - github.com/sebastianbergmann/phpcpd
PHP Mess Detector - Possible bugs, suboptimal or unused code, overcomplicated expressions
phpmd.org
PHP LOC - Measures size and structure
github.com/sebastianbergmann/phploc
7
Git Tools
GitStats - github.com/hoxu/gitstats
gitinspector - github.com/ejwa/gitinspector
8
JavaScript Tools
ESLint - Pluggable linting utility for JavaScript and JSX
eslint.org
Official configuration in Drupal 8: core/.eslintrc
JSCS - JavaScript Code Style
jscs.info
JSHint - Detect errors, potential problems
jshint.com
9 . 3
Google PageSpeed Insights
developers.google.com/speed/pagespeed/insights
9 . 4
WAVE Web Accessibility Tool
Analyzes web pages for accessibility
Actionable recommendations on how to fix problems
wave.webaim.org
9 . 5
Qualys SSL Server Test
Analyzes SSL configuration
ssllabs.com/ssltest
10 . 2
Report Structure
Overview of scope, requirements
Actionable recommendations
Appendix
How to install and use tools
Raw results
10 . 3
GitBook for publishing reports
Book format and toolchain using Git and Markdown
Command-line, uses Node.JS
Outputs HTML, PDF, ebooks, and more
Incredibly useful for large structured reports
github.com/GitbookIO/gitbook
slides @fluxsauce @fourkitchens
Good configuration matters.
Thank you! Feedback: goo.gl/8cg3Cn