As your site grows with the number of modules, the amount of memory and SQL queries required to perform a full bootstrap grows. Even though your AJAX callback might only need to perform a single SQL SELECT query, sometimes Drupal spends a lot of time loading and executing code that will never be used.
As part of the series of blog posts on the top 10 OWASP web application security risks and how to defend against them in Drupal 7, here is the first post in the series. This post deals with the top security hole - classified as "injection".
From the OWASP top 10 security risks:
Being able to work out when an issue started occurring an what impact it is having on real people using your site is critical business information that too often gets overlooked.
Existing (core) modules that can help
Drupal core ships with a few modules that go some way as to helping you track down application errors:
Apache's libcloud is a Python library that allows you to write code that interacts with numerous cloud service providers. In this tutorial we'll cover some basics and look at setting up a basic AWS EC2 instance as an example.
My eyes, the goggles do nothing!
Getting started on OpenERP can be a bit daunting, initially this behemoth can be really painful. However once you get familiar with the system everything is really easy. In this tutorial I'll go through the steps involved in adding an additional field to an existing model and adding it to an existing view. We'll also do this by creating a custom module, so we will also cover some of the basics for doing that as well.
Update: The method described here uses Google Maps' Geocoding API. The free version of this only allows 2500 lookups per day, I easily ran into this limit during development. The Google Maps for Business API allows 100k requests per day.
A job I have been doing recently has me regularly importing user submitted postal addresses from a 3rd party website into my clients accounting system. The quality of some of this data is really average. This is mostly due to poor (read zero) validation from the 3rd party website.
Throughout the course of building large complex Drupal sites, you invariably end up writing a suite of custom modules and features to produce the required functionality and behaviour for the site.
One issue is that when you do create these custom modules, the core update status page attempts to find new versions of your custom modules on the Drupal.org update server. Of course this check fails, but it takes up precious time to work that the module is not on drupal.org and also the grey box looks kind of ugly.
How to replace PHP curl functions with Guzzle's HTTP Client using Symfony2.0 to do HTTP POST requests including authentication.
How to install the Backbone module on the Drupal 7 platform from a standard installation. This tutorial takes you through the steps from a vanilla install to having the backbone_example sub-module working.
Drupal.org has this information, but it is largely scattered around on these URLs:
It can be hard to find a real life example on how to update your contributed modules with the new Drupal 8 architecture.