DrupalCon Prague 2013

Auditando sitios web Drupal

Kalle Varisvirta  · 


Extracto de la transcripción automática del vídeo realizada por YouTube.

my name is calabar espírita i'm from finland working for a company called excel i'm here to talk to you about all thing to pull sides some things that i just want to say is that i'm going to be going in and out of drupal in the technical matter

as well so some parts might be difficult to understand if you're not a technical person then some parts might be boring if you are so hopefully i bore all also some understanding of the business involving dribble should be useful all listening to me so

um let's get a hands up first for technical people ok and then drupal businesspeople okay our fair share both what hmm what I'm going to talk about here is that why our duple audits done in the first place there are several different reasons for those

how they are done and I'm going to include some technical details as i said earlier and then i'm going to go briefly into the business of triple audits there are some challenges that needs to be taken into account when doing audits as a business so

let's start what's an audit audit yep that's I'd wonder if I can switch off the lights from somehow anybody okay better okay good atlas for that for the light switching guy thank you okay so all it is a run to of an implementation of a site

that means that an experienced developer goes to a site in and out all aspects of it it doesn't mean that he reads every role of code but it's a very thorough thing usually and as I said all its I've done for many different reasons and the process

of doing in our it varies a lot we'll get to that next but so how many of you have done an audit okay how many of you had your work scrutinized by an audit less people we have more auditory system to get the people getting audited okay good one all right

why are why are all it's done so we have four categories of audits acquisition audit implementation verification audit vendor management audit and support or these are not official categorizations of audits this is just my hunch of how I would divide them

into groups acquisition on it that's part of a well it's usually done before making the decision to buy a business that means that it's part of the due diligence process and some of you might know what that means but that means a investigation

of a company before signing a contract usually to buy it so that's for acquisitions that that means obviously due diligence means also the financial side and all the others but when the company's business involves web or the site in really key aspect

of it then it's usually a really key aspect of the whole due diligence to do the audit for the side usually they are done obviously the smallest startups anyone who base their whole business online and it's a very in depth and focuses on kind of a

hidden agenda usually the company that's buying the other company the boiler has plans for the site and they don't tell the target of the of of the deal what those plans are but they audit the auditor needs to know what what those plants are so you

need to know what what they want to do with the site so you can actually audit it in a proper way the next category is the implementation of verification or it I would say that's just to verify an implementation of a site that's more like an insurance

policy the customer just wants to pay to do not have any problems they're not expecting a lot of problems these are usually pretty brief done in collaboration with the with the vendor was working with the site and shouldn't ever be done to a system

that's not finished by the way when you see those lines that shouldn't something shouldn't dump that's that's something that I've done and then I feel bad for doing it so it's something that I learned so don't do it for unfinished

systems because you that's just stupid then there's the vendor management audit and this is a bit complicated one that means that your customer who's buying the audit is wanting to switch their vendors not necessarily to you but to something else

and they usually have some problems with the current vendor and that makes it a bit difficult because usually they don't tell the current vendor that this is happening so you'll have to do it without any help for the curve from the current vendor and

that makes an audit a bit harder we'll come to that also this might be very brief but usually it's it's a bit longer audit my long I started that I've ever done was a vendor management or it took about more than 30 million days to do that wasn't

the Drupal though was it was custom code a lot of it and this time the client expects to find something that taken based on their their decision to switch vendors they might just have a personality clash with the current vendor but they still want something

to base their decisions on and you shouldn't go into that trap we can we come to that later as well then there's the support audit this is when it happens when you move an existing system to to your support unfortunately this very important order to

you but not very important to anyone else so you won't probably get get paid a lot or paid at all doing this but you should still do it this means that you'll be getting someone else's code into your support and you'll have to support it later

on and then you should do an audit at least a brief one and this is also the type of audit where you can learn from the experience because in the long run if you take an existing side to support you'll find you'll find out all the problems with the

side you'll also learn what you missed in the audit so this is a really learning experience unfortunately this it's also when it's when it's a really good learning experience also have been pretty nasty one because you have a really broken

site in your support that happens every once in a while so going to how it's actually done tip 1 you always need the source code always first and foremost okay start taking notes from day one you need you need those notes to back your memory up you'll

forget everything and remember stuff wrong later on then you'll have to go back and recheck and even though it's fun it's kind of exhilarating together get a USB stick of some code you never seen before and you want to just investigate go through

everything once you should write notes while doing that because you'll forget to do that and you'll forget everything you saw and you'll just remember that it might have had this in this file and this directory somewhere and then you have to recheck

[ ... ]

Nota: se han omitido las otras 3.256 palabras de la transcripción completa para cumplir con las normas de «uso razonable» de YouTube.