About eZ Publish audit...
We check many important parts of eZ Publish and eZ Platform websites to ensure security, performance and usability. Here are a few examples of the tasks we perform:
Security analysis. To avoid data leakage we check:
- recommendations for eZ Publish version upgrades and available security fixes
- access to modules that expose too much system information to anonymous users
- database queries that may be vulnerable to SQL injection
- parts of the server configuration, to ensure that at least basic security such as SSL encryption is provided
Performance analysis. To ensure pages load quickly we check:
- number of queries on each page to check the server usage
- configuration of "ViewCache" and "TemplateCache" to ensure that the cache is used as often as possible
- quality and loading method of JavaScript and stylesheets
- templates structure and variables definitions
- database queries performance
- fetch function parameters and logic
Flexibility analysis. To ensure a user-friendly environment in both the back office and the front end, we check:
- operators used to display images and URLs, to allow a domain-independent environment
- translation settings and usage, to allow multilingual usage
- modifications of the eZ Publish kernel and custom content attributes, to allow future updates
Code quality. To ensure an efficient and developer-friendly environment we check:
- PHP Standards Recommendations
- eZ Publish recommendations for structure of classes, modules, operators and handlers
What do we check (for example)?