Conducting A Holistic Audit For Performance, Security, Robustness, And Scalability
Learningdesigned.org from CAST is a professional learning platform that connects a community of educators with credentials and learning resources. CAST had previously worked with different tech partners to develop the platform in Drupal 7 and 8.
But the customer wanted to validate if they were being able to make the most of its paid modules, user roles and privileges, business feature releases, accessibility, and more. And as Drupal 8 end of life came closer, they also wanted to be sure if the website was ready for an upgrade.
A thorough audit by Axelerant would be the first step toward gearing Learningdesigned.org for resolving these challenges and scaling up.
About the Customer
Learningdesigned.org is a platform that is owned and operated by CAST, Inc. It is a state-of-the-art online platform for connecting a community of educators and resources to prepare today's learners for a fast-changing world.
Using Universal Design for Learning (UDL), an evidence-based framework, the tool helps educators champion learner variability and improve learning outcomes. In particular, Learning Designed provides credentialing opportunities for educators to demonstrate their knowledge and skill related to UDL.
CAST, the parent company of Learningdesigned.org, is a multi-faceted nonprofit organization. It aims to transform education design and practice until learning has no limits by creating an enriched and equitable culture of learning to maximize everyone's potential.
Axelerant demonstrates really strong command of Drupal and combines that expertise with careful project planning and estimates that make it easy to set our expectations on working with them on our development needs. We also appreciate their clear communication on their progress along the way.
Steve Nordmark Director of Business Development CAST, Inc
The Challenge
The customer was aware that their site had become outdated as D8 had reached the end of life. Since the upgrade to D9 was due, the customer wanted to validate the overall compatibility with the D9 version.
Three major areas needed to be airtight. And for that, we needed to validate certain core metrics.
- Security
- Were there any known vulnerabilities in the dependencies, evidence of common errors such as SQL or JavaScript injection, plaintext storage or transmission of passwords, etc.?
- Were they making appropriate use of the Drupal security and permissions model?
- Was user data being handled with appropriate care?
- Robustness and Maintainability
- Were the modules compatible and up to date? Did it make use of built-in Drupal capabilities where appropriate?
- Was anything about the site structure going to cause difficulties in applying future Drupal updates?
- Was the code organized, documented, consistent in style, and in accordance with the best practices?
- Was the website compliant with WCAG accessibility standards?
- Performance and Scalability
- Was the site set up so that pages can be served efficiently?
- Was it making unnecessary demands on the database, either in how data is stored or in how it is retrieved?
- Was the page load time acceptable, and is it making appropriate use of caching and other performance techniques?
- Was the server infrastructure appropriate for the needs of this site?
Three major areas needed to be airtight. And for that, we needed to validate certain core metrics.
The Solution
This called for an audit of the project for security, performance, and scalability.
This Drupal Audit Report included:
- Risks
- Observations
- Recommendations
We also presented the audit report to the customer’s team and answered their follow-up questions.
The Result
The result was a comprehensive and well-rounded Drupal Audit Report and recommendations that would help Learningdesigned.org optimize the platform’s performance, security, robustness, maintainability, and scalability.
The audit included not just the identification of issues but also resolution.
A few of these findings and recommendations are listed below:
- Security updates and LMS distribution compatibility-related stats
- High-level issues related to PHPCS (PHP Code Sniffer) and PHPMD (PHP Mess Detector) should be resolved for custom modules and themes
- Automating the deployment process
- Integrating the available Cypress tests into a CI/CD pipeline along with deployment to environments to save time and catch issues much earlier
- Improvements in development workflow like peer review and raising PRs for each change
- Having a lighter version of the LMS added instead of having unused modules added to the site to speed up CI and local setup time
- Documenting the workflow and deployment process to ease the developer experience
- Simplifying the local setup process with tools like Lando and DDEV
- Configuring NewRelic to its full potential
- Adhering to Drupal coding standards for custom modules’ code and quality; preventing security loopholes by adhering to it
- Integrating the Dependabot for checking the updates
With a comprehensive audit and recommendation list in place, Learningdesigned.org is undergoing an update. Our team is proud to support them on their journey toward providing educators with the resources they need to support all learners.
Here’s what our Audit and Recommendations revolved around:
The report was broken down to include key observations, must-have recommendations, and some of the suggested next steps to fix the issues for the following areas:
- Code Quality
- Reviewed custom Drupal modules and Themes for coding standards
- Used tools like PHPMD and PHCS for static code analysis
- Performance and Security
- Included Google Pagespeed insights, Lighthouse Audit Report, Server Stack Audit, and advanced performance improvement suggestions
- Accessibility
- Tested the website for WCAG standards and found that the site was 82% compliant with standards.
- Audited the website for Form Criteria, ARIA Attributes, Color Contrast, Semantic HTML, and more.
Project Highlights
-
Thorough Initial Discovery
-
Code Review
-
D9 Compatibility Test
-
The Extra Mile—Additional Reviews
Thorough Initial Discovery
While all our projects begin with a discovery session, this one needed special care for the fact that there was no prior documentation.
So, we planned a thorough product walkthrough session with the customer to understand the backend and frontend workflow.
As for insight into the deployment process, we coordinated with the customer’s Development Team.
All this helped us understand the main audit areas we needed to focus on.
Code Review
Our customer had been following complex processes. And in the absence of due documentation, we needed to follow certain technical reviews that yielded actionable information about these processes.
Here’s what we did:
- Code review per Drupal standards and best practices.
- Code review for the specific use cases (security, robustness, maintainability, and scalability) shared by the customer to get concrete analysis results.
D9 Compatibility Test
Closing on to the D8 end of life, an upgrade to D9 was inevitable. But, we need to ensure that the website is ready for the upgrade.
To that effect, we headed with the Drupal 9 compatibility tests, including reviewing the existing code base for deprecated code and composer compatibility.
This would enable the customer to:
- Make the most of paid modules such as Opigno LMS
- Make the platform robust and maintainable
- Adhere to the coding standards
- Make the website scalable for a new product plan and enhancements
- Achieve accessibility as per WCAG
The Extra Mile—Additional Reviews
Since the website was a D8 website, a Technical Drupal Audit was an absolute necessity. However, to ensure a high-performing website, we found it necessary to conduct a few more reviews.
Here are the reviews we conducted additionally:
- Past Release Review
- Opigno LMS Usage Review
- Accessibility Review
- New Relic Tool Review
These reviews ensured a well-rounded audit that took account of all platform functionalities.
Based on these reviews, we were able to give a holistic list of recommendations to our customer.
Get in touch.
Send us a message and connect with one of our brand consultants to find out exactly how we can help you.