Drupal Audit
close

on 23rd May 2016 / by Moses Raymond
Security Audits play a crucial role in an organization’s ongoing effort to address security concerns. After identifying any potential security issues, remedial steps need to adopted; in fact, a Security audit is one of the first steps that need to be taken. No organization in its right mind would want to leave their websites vulnerable to hacking, and conducting a security audit is the best way to tackle security issues. A Security audit should be conducted at regular intervals if: Your website is slowing down and you want to diagnose the reason and repair it quickly You want to assess the security level of your Drupal website You are keen to reduce maintenance expenses by enhancing Drupal code quality You want to give your visitors a better overall experience on your website A Security Audit is also a fool-proof method of evaluating the work carried out by a third party and check for any underlying defects. Also, a security audit conducted before initializing any development work is useful in identifying any unresolved issues. The following steps are a few of the key checks done during a Security Audit: Code and Security: Here, the website is checked for any vulnerabilities, and proper analysis is done to make sure that the appropriate security updates are installed. The proper working of the software and updates is thoroughly checked. Content Structure: Any critical issues related to your site’s content structure, within your site’s nomenclature, is deeply examined and the corrective action is taken. Complete Functionality check: The website is checked for any broken links, obsolete and non-operational modules, along with any missing functions. This ensures that the website is functional in all aspects. Speed and Performance check: The security audit firm will also check for the site’s receptiveness and speed issues, if any, and document the probable causes of the same. Check for Best Practices: A comprehensive review of the website’s nomenclature, code, configuration and modules is also carried out to confirm that standard and best practices are being employed. On-page SEO: This is also an important assessment that is done by most security audit companies. An in-depth review confirms if your website needs any changes or enhancement to the on-page SEO and a detailed report is submitted. Zyxware's Drupal Security Audit Zyxware's Drupal Security Audit consists of the below mentioned steps: Consultation: In this phase, our audit team meets with the client to understand their requirements and gather any other information that may be critical to the audit process. Comprehensive Audit: Our technical experts examine every area of the website including the architecture, page timings etc. Documentation: After the review, every team documents its findings that will become part of an exhaustive report which is submitted to the client. Review and Recommendations: The Audit team then schedules a review meeting with the client and also creates a plan with suggestions and recommendations. Over the past decade, Zyxware has provided end-to-end Drupal services; from Drupal design and development to consultancy and support, which also involves Drupal Security Audit and Reporting services. We have a long list of satisfied clients who will vouch for our proven and successful methods. We carefully analyze your site, identify security concerns, provide recommendations and work closely with you to implement them. So, give us a call today to find out how you too can benefit by partnering with us. Drupal Development services Drupal Audit Drupal Security Leave a reply Your email address will not be published. Required fields are marker *
more_horiz
close

on 15th May 2013 / by Anoop John
Drupal is a powerful portal framework and a content management system. However the power of the system can really be tapped into if the site is built right. Whether a Drupal site is built right or not is not something that may not be very obvious in all scenarios or for an untrained eye. There are definitely implications for not building Drupal right but the implications may not be very evident always. So how do you know if a Drupal site is built right? We had earlier written about how to self evaluate the quality of build of your Drupal website. The steps outlined in the self evaluation should give you general indications on whether the Drupal site was built right. However to know for sure whether it was so you will have to engage a Drupal company to conduct a full Drupal audit on your site. A full Drupal Audit should take care of the following aspects of the site Drupal Coding standards Drupal API standards Nomenclature Aspects Drupal SEO Aspects Drupal Performance Aspects Drupal Security Aspects Drupal Configuration Aspects Do note that this would only tell you whether the Drupal site was built right from a technology perspective. There could still be aspects related to the requirements that were implemented incorrectly. Catching those would require a full testing of your Drupal site against documented requirements. This is where documentation of requirements is very important. We will be happy to offer our services to conduct a full Drupal Audit on your site against these aspects listed earlier to find out if your site was built right. We will also be able to take the site through a full round of testing against documented requirements. If requirements were not documented originally our business analysis team could work with you to help build out your requirements first and then have our testing team test the whole site against these requirements. Contact us to learn more. Drupal Drupal Testing Quality Drupal Audit Leave a reply Your email address will not be published. Required fields are marker *
more_horiz
close

on 15th May 2013 / by Anoop John
Quite often we get support requests from clients who believe that 95% of their site is working fine but for a few lingering issues which their previous developers could not fix / complete. In most cases the lingering issues are more symptoms of bad builds than pending issues. In such cases we usually insist on a full Drupal review and audit of the site before we work on the issues. The client would normally be shocked to know that there were a lot of things on the site that were not done right but it would be too late for any corrections by the original developers. So how do you know if your Drupal site is built right? The simple answer is that if you are not a Drupal developer yourself you will never know for sure on your own. But there are several things you can check on your own that will give you an indication of whether things are done alright. To know for sure you will have to engage an established Drupal development company to conduct a full Drupal audit on your site and give you a full report. Here are some simple steps to get a high level feel of whether things are done right General best practices - Check if the developers are using some kind of version control system and whether you can get access to the version control system. Good developers will definitely use one and they would be happy to give you access. Good developers would tend to create good sites. Small things done right - Set up a copy of the site locally and set up coder on the site and see if the code built passes Drupal coding standards. If the developers had paid attention to small things like indentation and spacing it is more likely that they had paid attention to more complex aspects of the site and had built those right. Check for carelessness - See if there were spelling mistakes in comments and code. Check if there were unused files left on the server. See if there are non-core PHP files in the root folder (download the latest drupal core and see what are the core PHP files in the root). If the developers were not careless then they would have made lesser mistakes Take the site through the w3c validator - See if there were glaring HTML errors in the output. This will show whether the site has gone through non-functional testing and if it has then the likelyhood of architectural issues would be lesser. Test for security aspects - See if there are pending core or contributed module security updates when the site was deployed. If there were, then proper attention to security was not given when the site was built. Test for performance aspects - Check a few views and see if views caching were enabled. Try to edit the views from admin views listing to see the views caching configuration. Be careful to not try to change or save anything. If attention was given to performance aspects then views caching configurations would have been taken care of. If there were too many issues that you find from these quick checks then you should reach out to an established Drupal consultant or a Drupal company who can conduct a full Drupal audit and give you a detailed report of the issues identified. You can then get the provider who built your site to take care of the problems identified or you can have another provider take care of the problems for you. If you think that you need expert help in checking your Drupal site we will be happy to help conduct a full Drupal site audit on your site. We will also be able to help fix the problems identified in the audit. Contact us for a drupal audit. Drupal Quality Software Quality Drupal Audit Leave a reply Your email address will not be published. Required fields are marker *