- Does it work?
- Is it reliable?
- Is it secure?
- Are we legal?
Does it work?
- cross browser compatibility checks
- cross device compatibility checks
- content check, purge lorem ipsum and dummy content
- DNS properly configured, including alternative names, e.g. http://blah.com
Is it secure?
- login forms, admin areas, sensitive information protected by SSL?
- Input validation; form fields, file uploads
- Output validation; sanitise output to prevent XSS attacks
- Strong passwords for admin and services accounts
- Developer and Test accounts deleted
- Strong security policy applied to OS (e.g. least privileges)
- Strong security policy applied to external service configurations (eg Apache)
- OS and services Package updates applied (e.g. yum update or aptitude)
Is it reliable?
- Web monitoring from remote locations
- local service monitoring, eg nagios, monit
- OS level metrics, such as munin to detect resource and capacity changes
- Load and throughput performance profile for site before going live
- Scaling strategy, caches, autodeploy
- What are the hard bottlenecks? eg mysql
- Understanding of tunable characteristics of platform
Are we legal?
- Are all stock photos and content properly licensed?
- Meet Data protection regulations
- minimal accessibility requirements for government or non-profit projects
- Are all developers and admins under suitable NDA for live data?
(this is not a comprehensive list, as now I have decided that I need something like an administrative category)