SlideShare a Scribd company logo

Debugging, Monitoring and Profiling in TYPO3

AOE
AOE

The document discusses best practices for debugging, monitoring, and profiling websites to ensure smooth performance during development and when live. It recommends automating error detection and reporting, using tools like assertions to catch bugs early, monitoring server logs and tools like Google Webmaster Tools, and profiling code to identify performance issues. The goal is to reduce time spent searching for and fixing bugs to increase productivity.

1 of 51
Downloaded 29 times
Debugging, Monitoring and Profiling Fabrizio Branca fabrizio (dot) branca (at) aoemedia (dot) de Twitter: @fbrnc
This talk is… • sharing some best practices • sharing some tools with you • an (incomplete) checklist • a reminder (hopefully) Fabrizio Branca
What is this all about? • Make your website run smoothly! • during development… • and when the site is online • “Smoothly” is • No bugs (unexpected behaviour) • Stability • Performance Fabrizio Branca
This talk is about How to… • avoid errors • detect errors • deal with errors • notify yourself when errors have occurred Fabrizio Branca
It„s all about bugs Fabrizio Branca
It„s all about bugs Everybody creates bugs. Nobody is perfect. A high percentage of coding time goes into • searching for bugs • fixing bugs Increase your productivity by reducing this time! Fabrizio Branca
Automating • Automatize error recognition • Use proper tools • Automatize error reporting • Route detailed error reports into your mailbox Fabrizio Branca
Bugs • Avoid bugs • through programming style • Spot bugs fast • “Safety nets”: Unit tests, Assertions • Detect them before the customer and/or the website user finds them Fabrizio Branca
Avoid bugs • Use a proper IDE • Syntax checks • Code Completion
Coding style • Cover all cases: No if without else! • Use type hints wherever possible • Stick to patterns • Increase crearity • Convention over configuration • KISS • Use object collections • Make it easier for team members to find and fix bugs (increase the truck factor) by sticking to coding guidelines and patterns Fabrizio Branca
What does PHP offer? • log_errors • display_errors • error_log Set values in • php.ini • .htaccess / vhost configuration Fabrizio Branca
What does TYPO3 offer? • devLog, sysLog, Tslog • devIpMask • Deprecation log • Page not found / Page unavailable • Exception handling • Error handling • Debug Console in the BE Fabrizio Branca
Deal with exceptions (I) How to react when an exception has occurred? • Don„t display any details to the user! • Send a correct HTTP status code (for search engines and log files) $GLOBALS['TSFE']->pageNotFoundAndExit($errorHandlerMessage); $GLOBALS['TSFE']->pageUnavailableAndExit($errorHandlerMessage); Fabrizio Branca
Page not found Fabrizio Branca
Page unavailable Fabrizio Branca
Deal with exceptions (II) Handle exceptions within your controllers. Notify yourself: • write a message to devLog • write a message to sysLog • write a message to TSLog Fabrizio Branca
Exception Handler Fabrizio Branca
Bug detection • Bugs are harder to fix the later they are detected • Bugs become harder to diagnose the further the symptom is removed from the cause Fabrizio Branca
Bug detection with assertions • Make sure that variables contain what you expect at any time (e.g. after calling a function) • E.g.: Check incoming parameters for correct type • Simple one line call: tx_pttools_assert::isValidUid($this->params['uid']); • Throws an exception if assertion is not true • http://articles.sitepoint.com/article/bug-detection-php-assertions http://debuggable.com/posts/assert-the-yummyness-of-your-cake:480f4dd6- 7fe0-4113-9776-458acbdd56cb Fabrizio Branca
Bug detection with assertions • Assertions are easy to use. • Don„t assume anything, check it! • Example: ini_set() • No substitute for unit tests! Fabrizio Branca
Bug detection with assertions See EXT:pt_tools/res/staticlib/class.tx_pttools_assert.php or build your own assert class Some examples: • tx_pttools_assert::isValidUid(); • tx_pttools_assert::isNotEmptyString(); Fabrizio Branca
Debugging, Monitoring and Profiling in TYPO3
t3lib_div::devLog() Fabrizio Branca
t3lib_div::sysLog() Decides by configuration how to handle syslog messages • send mail • write to log file • write to OS syslog Fabrizio Branca
Custom SysLog Handler See EXT:tcaobjects/res/class.tx_tcaobjects_syslog.php Fabrizio Branca
SysLog notification mail msg: Assertion "isValidUid" failed! extKey: pt_tools severity: 3 exceptionClass: tx_pttools_exceptionAssertion debugMsg: file: /var/www/burghalle/integration/htdocs/typo3conf/ext/aoe_burg/controller/class.tx_aoeburg_controller_extranet.php line: 78 function: tx_aoeburg_controller_extranet::init assertType: isValidUid val: expected: 1 Server: TYPO3_REQUEST_URL: http://www.integration.burghalle.aoe-works.de/xtranet/uebersicht/artikel- bearbeiten/e/typo3conf/ext/burghalle_template/i/white-75.png HTTP_REFERER: http://www.integration.burghalle.aoe-works.de/xtranet/uebersicht/artikel-bearbeiten/e/saveContent.html POST: -- none -- COOKIE: condensed: 0 fe_typo_user: 6b7ccec749891321cb6e7e2fc4c685a4 PHPSESSID: 4b8712f5a4c845029da1f2332cf9132b Client: HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 ( .NET CLR 3.5.30729; .NET4.0C) Spider: No REMOTE_HOST: [null] REMOTE_ADDR: 217.19.187.106 User: FE_User: aoe BE_User: -- no user -- Trace: [...]
$TYPO3_DB- >debug_check_recordset() • Check all database queries • Debug_check_recordset takes care of writing log messages Fabrizio Branca
TSlog Fabrizio Branca
$TT->push() / ->pull() Use the timetrack object to keep track of what happens in your code. Fabrizio Branca
Reports module Fabrizio Branca
Reports module Write your own reports Examples: • Table size • Outdated extensions (extension manager) • TCA Integrity • TCA/database integrity (Like Compare tool) • Extension integrity (dependencies, conflicts) • Free disk space • Server load Fabrizio Branca
Define a strong api • Provide interfaces for hooks. • Allow alternatives (pagerStrategy, viewClass,…) Fabrizio Branca
Keep an eye on the logs… • Webserver • Apache error log • PHP error log • TYPO3 • Log module (Core error handler…) • Admin Panel • RealUrl • error log • are all paramters encoded? • Deprecation log • Reports module Fabrizio Branca
Keep an eye on the logs… • External tools • Google Webmaster Tools • Wget • Piwik • MySQL • Slow query log • OS (*nix) • Syslog Fabrizio Branca
Log Module Fabrizio Branca
Debugging, Monitoring and Profiling in TYPO3
Google Webmaster Tools Fabrizio Branca
Let tools do the analysis • PHP • TSFE • TypoScript • jQuery code • HTML • CSS • RSS Fabrizio Branca
Visualizing xdebug profiling
Visualizing xdebug profiling
Visualizing pdepend xml
jQuery Lint „Runtime Reporter“ http://james.padolsey.com/javascript/jquery-lint/ Fabrizio Branca
TypoScript Check (lint) Proof of concept! Xclassing tslib_content: function stdWrap($content,$conf) { $this->getLinkChecker()->check($conf, 'stdWrap'); return parent::stdWrap($content, $conf); } Fabrizio Branca
Tick
Tick Fabrizio Branca
Tick
Use validators Use validators for validating • HTML • CSS • RSS Keep an eye on editor„s content Fabrizio Branca
Spot performance killers • Use USER_INTs only if really needed. • Create links with cHashes • Avoid putting USER_INTs on all pages (load them via ajax) • Cache headers • Static publishing Fabrizio Branca
Monitoring • Configure your TYPO3 instances to notify you when errors occur. • Use Monitoring tools (e.g. Nagios, Caretaker?) Fabrizio Branca
Pingdom
Maintainance • Delete old temp files find ../htdocs/typo3temp -type f -mtime +28 -delete • Delete deleted records • Delete unreferenced files • Cleanup/check database Fabrizio Branca
Ad

Recommended

TYPO3 Scheduler
TYPO3 SchedulerTYPO3 Scheduler
TYPO3 Scheduler
Krystian Szymukowicz
 
The typo3.org Relaunch Project
The typo3.org Relaunch ProjectThe typo3.org Relaunch Project
The typo3.org Relaunch Project
AOE
 
Create, test, secure, repeat
Create, test, secure, repeatCreate, test, secure, repeat
Create, test, secure, repeat
Michelangelo van Dam
 
GateKeeper - bypass or not bypass?
GateKeeper - bypass or not bypass?GateKeeper - bypass or not bypass?
GateKeeper - bypass or not bypass?
Csaba Fitzl
 
Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012
Abraham Aranguren
 
Getting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfestGetting root with benign app store apps vsecurityfest
Getting root with benign app store apps vsecurityfest
Csaba Fitzl
 
Entomology 101
Entomology 101Entomology 101
Entomology 101
snyff
 
Pwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakPwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreak
Abraham Aranguren
 
From 0 to 0xdeadbeef - security mistakes that will haunt your startup
From 0 to 0xdeadbeef - security mistakes that will haunt your startupFrom 0 to 0xdeadbeef - security mistakes that will haunt your startup
From 0 to 0xdeadbeef - security mistakes that will haunt your startup
Diogo Mónica
 
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015
Chris Gates
 
Debugging NET Applications With WinDBG
Debugging NET Applications With WinDBGDebugging NET Applications With WinDBG
Debugging NET Applications With WinDBG
Cory Foy
 
PHPUnit Automated Unit Testing Framework
PHPUnit Automated Unit Testing FrameworkPHPUnit Automated Unit Testing Framework
PHPUnit Automated Unit Testing Framework
Dave Ross
 
Ruxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to railsRuxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to rails
snyff
 
Jakob Holderbaum - Managing Shared secrets using basic Unix tools
Jakob Holderbaum - Managing Shared secrets using basic Unix toolsJakob Holderbaum - Managing Shared secrets using basic Unix tools
Jakob Holderbaum - Managing Shared secrets using basic Unix tools
DevSecCon
 
Web Exploitation
Web ExploitationWeb Exploitation
Web Exploitation
UTD Computer Security Group
 
Invoke-Obfuscation nullcon 2017
Invoke-Obfuscation nullcon 2017Invoke-Obfuscation nullcon 2017
Invoke-Obfuscation nullcon 2017
Daniel Bohannon
 
Continous Delivering a PHP application
Continous Delivering a PHP applicationContinous Delivering a PHP application
Continous Delivering a PHP application
Javier López
 
One commit, one release. Continuously delivering a Symfony project.
One commit, one release. Continuously delivering a Symfony project.One commit, one release. Continuously delivering a Symfony project.
One commit, one release. Continuously delivering a Symfony project.
Javier López
 
Fuzzing - Part 2
Fuzzing - Part 2Fuzzing - Part 2
Fuzzing - Part 2
UTD Computer Security Group
 
Java-Jersey 到 Python-Flask 服務不中斷重構之旅
Java-Jersey 到 Python-Flask 服務不中斷重構之旅Java-Jersey 到 Python-Flask 服務不中斷重構之旅
Java-Jersey 到 Python-Flask 服務不中斷重構之旅
Max Lai
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
Chris Gates
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
Chris Gates
 
Legal and efficient web app testing without permission
Legal and efficient web app testing without permissionLegal and efficient web app testing without permission
Legal and efficient web app testing without permission
Abraham Aranguren
 
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Daniel Bohannon
 
2020 ADDO Spring Break OWASP ZAP Automation
2020 ADDO Spring Break OWASP ZAP Automation2020 ADDO Spring Break OWASP ZAP Automation
2020 ADDO Spring Break OWASP ZAP Automation
Simon Bennetts
 
Take a Stroll in the Bazaar
Take a Stroll in the BazaarTake a Stroll in the Bazaar
Take a Stroll in the Bazaar
Myles Braithwaite
 
Automating OWASP ZAP - DevCSecCon talk
Automating OWASP ZAP - DevCSecCon talk Automating OWASP ZAP - DevCSecCon talk
Automating OWASP ZAP - DevCSecCon talk
Simon Bennetts
 
Obfuscating The Empire
Obfuscating The EmpireObfuscating The Empire
Obfuscating The Empire
Ryan Cobb
 
External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1) External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1)
Volkan Özçelik
 
External JavaScript Widget Development Best Practices
External JavaScript Widget Development Best PracticesExternal JavaScript Widget Development Best Practices
External JavaScript Widget Development Best Practices
Volkan Özçelik
 
Ad

More Related Content

What's hot (20)

From 0 to 0xdeadbeef - security mistakes that will haunt your startup
From 0 to 0xdeadbeef - security mistakes that will haunt your startupFrom 0 to 0xdeadbeef - security mistakes that will haunt your startup
From 0 to 0xdeadbeef - security mistakes that will haunt your startup
Diogo Mónica
 
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015
Chris Gates
 
Debugging NET Applications With WinDBG
Debugging NET Applications With WinDBGDebugging NET Applications With WinDBG
Debugging NET Applications With WinDBG
Cory Foy
 
PHPUnit Automated Unit Testing Framework
PHPUnit Automated Unit Testing FrameworkPHPUnit Automated Unit Testing Framework
PHPUnit Automated Unit Testing Framework
Dave Ross
 
Ruxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to railsRuxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to rails
snyff
 
Jakob Holderbaum - Managing Shared secrets using basic Unix tools
Jakob Holderbaum - Managing Shared secrets using basic Unix toolsJakob Holderbaum - Managing Shared secrets using basic Unix tools
Jakob Holderbaum - Managing Shared secrets using basic Unix tools
DevSecCon
 
Web Exploitation
Web ExploitationWeb Exploitation
Web Exploitation
UTD Computer Security Group
 
Invoke-Obfuscation nullcon 2017
Invoke-Obfuscation nullcon 2017Invoke-Obfuscation nullcon 2017
Invoke-Obfuscation nullcon 2017
Daniel Bohannon
 
Continous Delivering a PHP application
Continous Delivering a PHP applicationContinous Delivering a PHP application
Continous Delivering a PHP application
Javier López
 
One commit, one release. Continuously delivering a Symfony project.
One commit, one release. Continuously delivering a Symfony project.One commit, one release. Continuously delivering a Symfony project.
One commit, one release. Continuously delivering a Symfony project.
Javier López
 
Fuzzing - Part 2
Fuzzing - Part 2Fuzzing - Part 2
Fuzzing - Part 2
UTD Computer Security Group
 
Java-Jersey 到 Python-Flask 服務不中斷重構之旅
Java-Jersey 到 Python-Flask 服務不中斷重構之旅Java-Jersey 到 Python-Flask 服務不中斷重構之旅
Java-Jersey 到 Python-Flask 服務不中斷重構之旅
Max Lai
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
Chris Gates
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
Chris Gates
 
Legal and efficient web app testing without permission
Legal and efficient web app testing without permissionLegal and efficient web app testing without permission
Legal and efficient web app testing without permission
Abraham Aranguren
 
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Daniel Bohannon
 
2020 ADDO Spring Break OWASP ZAP Automation
2020 ADDO Spring Break OWASP ZAP Automation2020 ADDO Spring Break OWASP ZAP Automation
2020 ADDO Spring Break OWASP ZAP Automation
Simon Bennetts
 
Take a Stroll in the Bazaar
Take a Stroll in the BazaarTake a Stroll in the Bazaar
Take a Stroll in the Bazaar
Myles Braithwaite
 
Automating OWASP ZAP - DevCSecCon talk
Automating OWASP ZAP - DevCSecCon talk Automating OWASP ZAP - DevCSecCon talk
Automating OWASP ZAP - DevCSecCon talk
Simon Bennetts
 
Obfuscating The Empire
Obfuscating The EmpireObfuscating The Empire
Obfuscating The Empire
Ryan Cobb
 
From 0 to 0xdeadbeef - security mistakes that will haunt your startup
From 0 to 0xdeadbeef - security mistakes that will haunt your startupFrom 0 to 0xdeadbeef - security mistakes that will haunt your startup
From 0 to 0xdeadbeef - security mistakes that will haunt your startup
Diogo Mónica
 
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015
Chris Gates
 
Debugging NET Applications With WinDBG
Debugging NET Applications With WinDBGDebugging NET Applications With WinDBG
Debugging NET Applications With WinDBG
Cory Foy
 
PHPUnit Automated Unit Testing Framework
PHPUnit Automated Unit Testing FrameworkPHPUnit Automated Unit Testing Framework
PHPUnit Automated Unit Testing Framework
Dave Ross
 
Ruxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to railsRuxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to rails
snyff
 
Jakob Holderbaum - Managing Shared secrets using basic Unix tools
Jakob Holderbaum - Managing Shared secrets using basic Unix toolsJakob Holderbaum - Managing Shared secrets using basic Unix tools
Jakob Holderbaum - Managing Shared secrets using basic Unix tools
DevSecCon
 
Web Exploitation
Web ExploitationWeb Exploitation
Web Exploitation
UTD Computer Security Group
 
Invoke-Obfuscation nullcon 2017
Invoke-Obfuscation nullcon 2017Invoke-Obfuscation nullcon 2017
Invoke-Obfuscation nullcon 2017
Daniel Bohannon
 
Continous Delivering a PHP application
Continous Delivering a PHP applicationContinous Delivering a PHP application
Continous Delivering a PHP application
Javier López
 
One commit, one release. Continuously delivering a Symfony project.
One commit, one release. Continuously delivering a Symfony project.One commit, one release. Continuously delivering a Symfony project.
One commit, one release. Continuously delivering a Symfony project.
Javier López
 
Fuzzing - Part 2
Fuzzing - Part 2Fuzzing - Part 2
Fuzzing - Part 2
UTD Computer Security Group
 
Java-Jersey 到 Python-Flask 服務不中斷重構之旅
Java-Jersey 到 Python-Flask 服務不中斷重構之旅Java-Jersey 到 Python-Flask 服務不中斷重構之旅
Java-Jersey 到 Python-Flask 服務不中斷重構之旅
Max Lai
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new black
Chris Gates
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
Chris Gates
 
Legal and efficient web app testing without permission
Legal and efficient web app testing without permissionLegal and efficient web app testing without permission
Legal and efficient web app testing without permission
Abraham Aranguren
 
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Daniel Bohannon
 
2020 ADDO Spring Break OWASP ZAP Automation
2020 ADDO Spring Break OWASP ZAP Automation2020 ADDO Spring Break OWASP ZAP Automation
2020 ADDO Spring Break OWASP ZAP Automation
Simon Bennetts
 
Take a Stroll in the Bazaar
Take a Stroll in the BazaarTake a Stroll in the Bazaar
Take a Stroll in the Bazaar
Myles Braithwaite
 
Automating OWASP ZAP - DevCSecCon talk
Automating OWASP ZAP - DevCSecCon talk Automating OWASP ZAP - DevCSecCon talk
Automating OWASP ZAP - DevCSecCon talk
Simon Bennetts
 
Obfuscating The Empire
Obfuscating The EmpireObfuscating The Empire
Obfuscating The Empire
Ryan Cobb
 

Similar to Debugging, Monitoring and Profiling in TYPO3 (20)

External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1) External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1)
Volkan Özçelik
 
External JavaScript Widget Development Best Practices
External JavaScript Widget Development Best PracticesExternal JavaScript Widget Development Best Practices
External JavaScript Widget Development Best Practices
Volkan Özçelik
 
Java scriptwidgetdevelopmentjstanbul2012
Java scriptwidgetdevelopmentjstanbul2012Java scriptwidgetdevelopmentjstanbul2012
Java scriptwidgetdevelopmentjstanbul2012
Volkan Özçelik
 
PyCon AU 2012 - Debugging Live Python Web Applications
PyCon AU 2012 - Debugging Live Python Web ApplicationsPyCon AU 2012 - Debugging Live Python Web Applications
PyCon AU 2012 - Debugging Live Python Web Applications
Graham Dumpleton
 
DEFCON 23 - Jason Haddix - how do i shot web
DEFCON 23 - Jason Haddix - how do i shot webDEFCON 23 - Jason Haddix - how do i shot web
DEFCON 23 - Jason Haddix - how do i shot web
Felipe Prado
 
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
bugcrowd
 
Five Easy Ways to QA Your Drupal Site
Five Easy Ways to QA Your Drupal SiteFive Easy Ways to QA Your Drupal Site
Five Easy Ways to QA Your Drupal Site
Mediacurrent
 
orcreatehappyusers
orcreatehappyusersorcreatehappyusers
orcreatehappyusers
tutorialsruby
 
orcreatehappyusers
orcreatehappyusersorcreatehappyusers
orcreatehappyusers
tutorialsruby
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A Bug
Lewis Ardern
 
Effizientere WordPress-Plugin-Entwicklung mit Softwaretests
Effizientere WordPress-Plugin-Entwicklung mit SoftwaretestsEffizientere WordPress-Plugin-Entwicklung mit Softwaretests
Effizientere WordPress-Plugin-Entwicklung mit Softwaretests
DECK36
 
Abraham aranguren. legal and efficient web app testing without permission
Abraham aranguren. legal and efficient web app testing without permissionAbraham aranguren. legal and efficient web app testing without permission
Abraham aranguren. legal and efficient web app testing without permission
Yury Chemerkin
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
ClubHack
 
FITC - Here Be Dragons: Advanced JavaScript Debugging
FITC - Here Be Dragons: Advanced JavaScript DebuggingFITC - Here Be Dragons: Advanced JavaScript Debugging
FITC - Here Be Dragons: Advanced JavaScript Debugging
Rami Sayar
 
Here Be Dragons – Advanced JavaScript Debugging
Here Be Dragons – Advanced JavaScript DebuggingHere Be Dragons – Advanced JavaScript Debugging
Here Be Dragons – Advanced JavaScript Debugging
FITC
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
Chris Gates
 
Technical Workshop - Win32/Georbot Analysis
Technical Workshop - Win32/Georbot AnalysisTechnical Workshop - Win32/Georbot Analysis
Technical Workshop - Win32/Georbot Analysis
Positive Hack Days
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
Joff Thyer
 
Adversary Emulation and Cracking The Bridge – Overview EMERSON EDUARDO RODRIGUES
Adversary Emulation and Cracking The Bridge – Overview EMERSON EDUARDO RODRIGUESAdversary Emulation and Cracking The Bridge – Overview EMERSON EDUARDO RODRIGUES
Adversary Emulation and Cracking The Bridge – Overview EMERSON EDUARDO RODRIGUES
EMERSON EDUARDO RODRIGUES
 
Testing mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP frameworkTesting mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP framework
SusannSgorzaly
 
External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1) External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1)
Volkan Özçelik
 
External JavaScript Widget Development Best Practices
External JavaScript Widget Development Best PracticesExternal JavaScript Widget Development Best Practices
External JavaScript Widget Development Best Practices
Volkan Özçelik
 
Java scriptwidgetdevelopmentjstanbul2012
Java scriptwidgetdevelopmentjstanbul2012Java scriptwidgetdevelopmentjstanbul2012
Java scriptwidgetdevelopmentjstanbul2012
Volkan Özçelik
 
PyCon AU 2012 - Debugging Live Python Web Applications
PyCon AU 2012 - Debugging Live Python Web ApplicationsPyCon AU 2012 - Debugging Live Python Web Applications
PyCon AU 2012 - Debugging Live Python Web Applications
Graham Dumpleton
 
DEFCON 23 - Jason Haddix - how do i shot web
DEFCON 23 - Jason Haddix - how do i shot webDEFCON 23 - Jason Haddix - how do i shot web
DEFCON 23 - Jason Haddix - how do i shot web
Felipe Prado
 
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
bugcrowd
 
Five Easy Ways to QA Your Drupal Site
Five Easy Ways to QA Your Drupal SiteFive Easy Ways to QA Your Drupal Site
Five Easy Ways to QA Your Drupal Site
Mediacurrent
 
orcreatehappyusers
orcreatehappyusersorcreatehappyusers
orcreatehappyusers
tutorialsruby
 
orcreatehappyusers
orcreatehappyusersorcreatehappyusers
orcreatehappyusers
tutorialsruby
 
Manual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A BugManual JavaScript Analysis Is A Bug
Manual JavaScript Analysis Is A Bug
Lewis Ardern
 
Effizientere WordPress-Plugin-Entwicklung mit Softwaretests
Effizientere WordPress-Plugin-Entwicklung mit SoftwaretestsEffizientere WordPress-Plugin-Entwicklung mit Softwaretests
Effizientere WordPress-Plugin-Entwicklung mit Softwaretests
DECK36
 
Abraham aranguren. legal and efficient web app testing without permission
Abraham aranguren. legal and efficient web app testing without permissionAbraham aranguren. legal and efficient web app testing without permission
Abraham aranguren. legal and efficient web app testing without permission
Yury Chemerkin
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
ClubHack
 
FITC - Here Be Dragons: Advanced JavaScript Debugging
FITC - Here Be Dragons: Advanced JavaScript DebuggingFITC - Here Be Dragons: Advanced JavaScript Debugging
FITC - Here Be Dragons: Advanced JavaScript Debugging
Rami Sayar
 
Here Be Dragons – Advanced JavaScript Debugging
Here Be Dragons – Advanced JavaScript DebuggingHere Be Dragons – Advanced JavaScript Debugging
Here Be Dragons – Advanced JavaScript Debugging
FITC
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
Chris Gates
 
Technical Workshop - Win32/Georbot Analysis
Technical Workshop - Win32/Georbot AnalysisTechnical Workshop - Win32/Georbot Analysis
Technical Workshop - Win32/Georbot Analysis
Positive Hack Days
 
BSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad GuysBSIDES-PR Keynote Hunting for Bad Guys
BSIDES-PR Keynote Hunting for Bad Guys
Joff Thyer
 
Adversary Emulation and Cracking The Bridge – Overview EMERSON EDUARDO RODRIGUES
Adversary Emulation and Cracking The Bridge – Overview EMERSON EDUARDO RODRIGUESAdversary Emulation and Cracking The Bridge – Overview EMERSON EDUARDO RODRIGUES
Adversary Emulation and Cracking The Bridge – Overview EMERSON EDUARDO RODRIGUES
EMERSON EDUARDO RODRIGUES
 
Testing mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP frameworkTesting mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP framework
SusannSgorzaly
 
Ad

More from AOE (20)

Multithreaded XML Import (San Francisco Magento Meetup)
Multithreaded XML Import (San Francisco Magento Meetup)Multithreaded XML Import (San Francisco Magento Meetup)
Multithreaded XML Import (San Francisco Magento Meetup)
AOE
 
rock-solid TYPO3 development with continuous integration and deployment
rock-solid TYPO3 development with continuous integration and deploymentrock-solid TYPO3 development with continuous integration and deployment
rock-solid TYPO3 development with continuous integration and deployment
AOE
 
Agile Management - Best Practice Day der Deutschen Bahn am 17.10.2013
Agile Management - Best Practice Day der Deutschen Bahn am 17.10.2013Agile Management - Best Practice Day der Deutschen Bahn am 17.10.2013
Agile Management - Best Practice Day der Deutschen Bahn am 17.10.2013
AOE
 
Continuous Quality Assurance using Selenium WebDriver
Continuous Quality Assurance using Selenium WebDriverContinuous Quality Assurance using Selenium WebDriver
Continuous Quality Assurance using Selenium WebDriver
AOE
 
Magento Imagine 2013: Fabrizio Branca - Learning To Fly: How Angry Birds Reac...
Magento Imagine 2013: Fabrizio Branca - Learning To Fly: How Angry Birds Reac...Magento Imagine 2013: Fabrizio Branca - Learning To Fly: How Angry Birds Reac...
Magento Imagine 2013: Fabrizio Branca - Learning To Fly: How Angry Birds Reac...
AOE
 
SONY on TYPO3 - Rapid Global CMS Deployment
SONY on TYPO3 - Rapid Global CMS DeploymentSONY on TYPO3 - Rapid Global CMS Deployment
SONY on TYPO3 - Rapid Global CMS Deployment
AOE
 
Cloud Deployment und (Auto)Scaling am Beispiel von Angrybird
Cloud Deployment und (Auto)Scaling am Beispiel von AngrybirdCloud Deployment und (Auto)Scaling am Beispiel von Angrybird
Cloud Deployment und (Auto)Scaling am Beispiel von Angrybird
AOE
 
Searchperience Indexierungspipeline
Searchperience IndexierungspipelineSearchperience Indexierungspipeline
Searchperience Indexierungspipeline
AOE
 
High Performance Multi-Server Magento in der Cloud
High Performance Multi-Server Magento in der CloudHigh Performance Multi-Server Magento in der Cloud
High Performance Multi-Server Magento in der Cloud
AOE
 
Selenium 2 for PHP(Unit)
Selenium 2 for PHP(Unit)Selenium 2 for PHP(Unit)
Selenium 2 for PHP(Unit)
AOE
 
Angrybirds Magento Cloud Deployment
Angrybirds Magento Cloud DeploymentAngrybirds Magento Cloud Deployment
Angrybirds Magento Cloud Deployment
AOE
 
T3DD12 Caching with Varnish
T3DD12 Caching with VarnishT3DD12 Caching with Varnish
T3DD12 Caching with Varnish
AOE
 
T3DD12 community extension
T3DD12 community extensionT3DD12 community extension
T3DD12 community extension
AOE
 
Performance measurement and tuning
Performance measurement and tuningPerformance measurement and tuning
Performance measurement and tuning
AOE
 
Domain Driven Design
Domain Driven DesignDomain Driven Design
Domain Driven Design
AOE
 
Panasonic search
Panasonic searchPanasonic search
Panasonic search
AOE
 
Performance durch Caching
Performance durch CachingPerformance durch Caching
Performance durch Caching
AOE
 
Performance durch Caching
Performance durch CachingPerformance durch Caching
Performance durch Caching
AOE
 
Open Source CMS TYPO3 at Cisco WebEx
Open Source CMS TYPO3 at Cisco WebExOpen Source CMS TYPO3 at Cisco WebEx
Open Source CMS TYPO3 at Cisco WebEx
AOE
 
Case Study NDD Distribution on TYPO3
Case Study NDD Distribution on TYPO3Case Study NDD Distribution on TYPO3
Case Study NDD Distribution on TYPO3
AOE
 
Multithreaded XML Import (San Francisco Magento Meetup)
Multithreaded XML Import (San Francisco Magento Meetup)Multithreaded XML Import (San Francisco Magento Meetup)
Multithreaded XML Import (San Francisco Magento Meetup)
AOE
 
rock-solid TYPO3 development with continuous integration and deployment
rock-solid TYPO3 development with continuous integration and deploymentrock-solid TYPO3 development with continuous integration and deployment
rock-solid TYPO3 development with continuous integration and deployment
AOE
 
Agile Management - Best Practice Day der Deutschen Bahn am 17.10.2013
Agile Management - Best Practice Day der Deutschen Bahn am 17.10.2013Agile Management - Best Practice Day der Deutschen Bahn am 17.10.2013
Agile Management - Best Practice Day der Deutschen Bahn am 17.10.2013
AOE
 
Continuous Quality Assurance using Selenium WebDriver
Continuous Quality Assurance using Selenium WebDriverContinuous Quality Assurance using Selenium WebDriver
Continuous Quality Assurance using Selenium WebDriver
AOE
 
Magento Imagine 2013: Fabrizio Branca - Learning To Fly: How Angry Birds Reac...
Magento Imagine 2013: Fabrizio Branca - Learning To Fly: How Angry Birds Reac...Magento Imagine 2013: Fabrizio Branca - Learning To Fly: How Angry Birds Reac...
Magento Imagine 2013: Fabrizio Branca - Learning To Fly: How Angry Birds Reac...
AOE
 
SONY on TYPO3 - Rapid Global CMS Deployment
SONY on TYPO3 - Rapid Global CMS DeploymentSONY on TYPO3 - Rapid Global CMS Deployment
SONY on TYPO3 - Rapid Global CMS Deployment
AOE
 
Cloud Deployment und (Auto)Scaling am Beispiel von Angrybird
Cloud Deployment und (Auto)Scaling am Beispiel von AngrybirdCloud Deployment und (Auto)Scaling am Beispiel von Angrybird
Cloud Deployment und (Auto)Scaling am Beispiel von Angrybird
AOE
 
Searchperience Indexierungspipeline
Searchperience IndexierungspipelineSearchperience Indexierungspipeline
Searchperience Indexierungspipeline
AOE
 
High Performance Multi-Server Magento in der Cloud
High Performance Multi-Server Magento in der CloudHigh Performance Multi-Server Magento in der Cloud
High Performance Multi-Server Magento in der Cloud
AOE
 
Selenium 2 for PHP(Unit)
Selenium 2 for PHP(Unit)Selenium 2 for PHP(Unit)
Selenium 2 for PHP(Unit)
AOE
 
Angrybirds Magento Cloud Deployment
Angrybirds Magento Cloud DeploymentAngrybirds Magento Cloud Deployment
Angrybirds Magento Cloud Deployment
AOE
 
T3DD12 Caching with Varnish
T3DD12 Caching with VarnishT3DD12 Caching with Varnish
T3DD12 Caching with Varnish
AOE
 
T3DD12 community extension
T3DD12 community extensionT3DD12 community extension
T3DD12 community extension
AOE
 
Performance measurement and tuning
Performance measurement and tuningPerformance measurement and tuning
Performance measurement and tuning
AOE
 
Domain Driven Design
Domain Driven DesignDomain Driven Design
Domain Driven Design
AOE
 
Panasonic search
Panasonic searchPanasonic search
Panasonic search
AOE
 
Performance durch Caching
Performance durch CachingPerformance durch Caching
Performance durch Caching
AOE
 
Performance durch Caching
Performance durch CachingPerformance durch Caching
Performance durch Caching
AOE
 
Open Source CMS TYPO3 at Cisco WebEx
Open Source CMS TYPO3 at Cisco WebExOpen Source CMS TYPO3 at Cisco WebEx
Open Source CMS TYPO3 at Cisco WebEx
AOE
 
Case Study NDD Distribution on TYPO3
Case Study NDD Distribution on TYPO3Case Study NDD Distribution on TYPO3
Case Study NDD Distribution on TYPO3
AOE
 
Ad

Recently uploaded (20)

Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 

Debugging, Monitoring and Profiling in TYPO3

  • 1. Debugging, Monitoring and Profiling Fabrizio Branca fabrizio (dot) branca (at) aoemedia (dot) de Twitter: @fbrnc
  • 2. This talk is… • sharing some best practices • sharing some tools with you • an (incomplete) checklist • a reminder (hopefully) Fabrizio Branca
  • 3. What is this all about? • Make your website run smoothly! • during development… • and when the site is online • “Smoothly” is • No bugs (unexpected behaviour) • Stability • Performance Fabrizio Branca
  • 4. This talk is about How to… • avoid errors • detect errors • deal with errors • notify yourself when errors have occurred Fabrizio Branca
  • 5. It„s all about bugs Fabrizio Branca
  • 6. It„s all about bugs Everybody creates bugs. Nobody is perfect. A high percentage of coding time goes into • searching for bugs • fixing bugs Increase your productivity by reducing this time! Fabrizio Branca
  • 7. Automating • Automatize error recognition • Use proper tools • Automatize error reporting • Route detailed error reports into your mailbox Fabrizio Branca
  • 8. Bugs • Avoid bugs • through programming style • Spot bugs fast • “Safety nets”: Unit tests, Assertions • Detect them before the customer and/or the website user finds them Fabrizio Branca
  • 9. Avoid bugs • Use a proper IDE • Syntax checks • Code Completion
  • 10. Coding style • Cover all cases: No if without else! • Use type hints wherever possible • Stick to patterns • Increase crearity • Convention over configuration • KISS • Use object collections • Make it easier for team members to find and fix bugs (increase the truck factor) by sticking to coding guidelines and patterns Fabrizio Branca
  • 11. What does PHP offer? • log_errors • display_errors • error_log Set values in • php.ini • .htaccess / vhost configuration Fabrizio Branca
  • 12. What does TYPO3 offer? • devLog, sysLog, Tslog • devIpMask • Deprecation log • Page not found / Page unavailable • Exception handling • Error handling • Debug Console in the BE Fabrizio Branca
  • 13. Deal with exceptions (I) How to react when an exception has occurred? • Don„t display any details to the user! • Send a correct HTTP status code (for search engines and log files) $GLOBALS['TSFE']->pageNotFoundAndExit($errorHandlerMessage); $GLOBALS['TSFE']->pageUnavailableAndExit($errorHandlerMessage); Fabrizio Branca
  • 16. Deal with exceptions (II) Handle exceptions within your controllers. Notify yourself: • write a message to devLog • write a message to sysLog • write a message to TSLog Fabrizio Branca
  • 18. Bug detection • Bugs are harder to fix the later they are detected • Bugs become harder to diagnose the further the symptom is removed from the cause Fabrizio Branca
  • 19. Bug detection with assertions • Make sure that variables contain what you expect at any time (e.g. after calling a function) • E.g.: Check incoming parameters for correct type • Simple one line call: tx_pttools_assert::isValidUid($this->params['uid']); • Throws an exception if assertion is not true • http://articles.sitepoint.com/article/bug-detection-php-assertions http://debuggable.com/posts/assert-the-yummyness-of-your-cake:480f4dd6- 7fe0-4113-9776-458acbdd56cb Fabrizio Branca
  • 20. Bug detection with assertions • Assertions are easy to use. • Don„t assume anything, check it! • Example: ini_set() • No substitute for unit tests! Fabrizio Branca
  • 21. Bug detection with assertions See EXT:pt_tools/res/staticlib/class.tx_pttools_assert.php or build your own assert class Some examples: • tx_pttools_assert::isValidUid(); • tx_pttools_assert::isNotEmptyString(); Fabrizio Branca
  • 24. t3lib_div::sysLog() Decides by configuration how to handle syslog messages • send mail • write to log file • write to OS syslog Fabrizio Branca
  • 25. Custom SysLog Handler See EXT:tcaobjects/res/class.tx_tcaobjects_syslog.php Fabrizio Branca
  • 26. SysLog notification mail msg: Assertion "isValidUid" failed! extKey: pt_tools severity: 3 exceptionClass: tx_pttools_exceptionAssertion debugMsg: file: /var/www/burghalle/integration/htdocs/typo3conf/ext/aoe_burg/controller/class.tx_aoeburg_controller_extranet.php line: 78 function: tx_aoeburg_controller_extranet::init assertType: isValidUid val: expected: 1 Server: TYPO3_REQUEST_URL: http://www.integration.burghalle.aoe-works.de/xtranet/uebersicht/artikel- bearbeiten/e/typo3conf/ext/burghalle_template/i/white-75.png HTTP_REFERER: http://www.integration.burghalle.aoe-works.de/xtranet/uebersicht/artikel-bearbeiten/e/saveContent.html POST: -- none -- COOKIE: condensed: 0 fe_typo_user: 6b7ccec749891321cb6e7e2fc4c685a4 PHPSESSID: 4b8712f5a4c845029da1f2332cf9132b Client: HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 ( .NET CLR 3.5.30729; .NET4.0C) Spider: No REMOTE_HOST: [null] REMOTE_ADDR: 217.19.187.106 User: FE_User: aoe BE_User: -- no user -- Trace: [...]
  • 27. $TYPO3_DB- >debug_check_recordset() • Check all database queries • Debug_check_recordset takes care of writing log messages Fabrizio Branca
  • 29. $TT->push() / ->pull() Use the timetrack object to keep track of what happens in your code. Fabrizio Branca
  • 31. Reports module Write your own reports Examples: • Table size • Outdated extensions (extension manager) • TCA Integrity • TCA/database integrity (Like Compare tool) • Extension integrity (dependencies, conflicts) • Free disk space • Server load Fabrizio Branca
  • 32. Define a strong api • Provide interfaces for hooks. • Allow alternatives (pagerStrategy, viewClass,…) Fabrizio Branca
  • 33. Keep an eye on the logs… • Webserver • Apache error log • PHP error log • TYPO3 • Log module (Core error handler…) • Admin Panel • RealUrl • error log • are all paramters encoded? • Deprecation log • Reports module Fabrizio Branca
  • 34. Keep an eye on the logs… • External tools • Google Webmaster Tools • Wget • Piwik • MySQL • Slow query log • OS (*nix) • Syslog Fabrizio Branca
  • 38. Let tools do the analysis • PHP • TSFE • TypoScript • jQuery code • HTML • CSS • RSS Fabrizio Branca
  • 42. jQuery Lint „Runtime Reporter“ http://james.padolsey.com/javascript/jquery-lint/ Fabrizio Branca
  • 43. TypoScript Check (lint) Proof of concept! Xclassing tslib_content: function stdWrap($content,$conf) { $this->getLinkChecker()->check($conf, 'stdWrap'); return parent::stdWrap($content, $conf); } Fabrizio Branca
  • 44. Tick
  • 46. Tick
  • 47. Use validators Use validators for validating • HTML • CSS • RSS Keep an eye on editor„s content Fabrizio Branca
  • 48. Spot performance killers • Use USER_INTs only if really needed. • Create links with cHashes • Avoid putting USER_INTs on all pages (load them via ajax) • Cache headers • Static publishing Fabrizio Branca
  • 49. Monitoring • Configure your TYPO3 instances to notify you when errors occur. • Use Monitoring tools (e.g. Nagios, Caretaker?) Fabrizio Branca
  • 51. Maintainance • Delete old temp files find ../htdocs/typo3temp -type f -mtime +28 -delete • Delete deleted records • Delete unreferenced files • Cleanup/check database Fabrizio Branca