Folder structure isn't easy to notice at first. Generally, each folder is a "module" (where framework
is core SilverStripe, cms is the CMS part of core SilverStripe, and mysite is the custom code). There's also a /vendor
directory that might be used if they're using composer.
If they're using Composer you'll be able to use the composer.json
file in the root of the project to determine where some folders are coming from and if they're using official modules, etc. Extra points if you checking their live webserver and find access to it. Information disclosure and all that.
Most of the interesting code will be in mysite/
probably (though worth noting, there's no explicit rule that you have to put your code in a folder called that -- another common option is to put in a folder named after the project). CMS and Framework are the only two modules you probably won't need to audit or worry about, however, it's fairly common for developers (especially ones not fa