Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs Build mashups and embed gadgets without getting stung by the tricky frame navigation policy Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

    The authors' enthusiasm for their subject is compelling as they present abstract concepts in a humorous and easy-to-grasp fashion. Together, these books will open new doors of thought to anyone who wants to find out what computing is really about. The Little Schemer introduces computing as an extension of arithmetic and algebra; things that everyone studies in grade school and high school. It introduces programs as recursive functions and briefly discusses the limits of what computers can do. The authors use the programming language Scheme, and interesting foods to illustrate these abstract ideas. The Seasoned Schemer informs the reader about additional dimensions of computing: functions as values, change of state, and exceptional cases. The Little LISPer has been a popular introduction to LISP for many years. It had appeared in French and Japanese. The Little Schemer and The Seasoned Schemer are worthy successors and will prove equally popular as textbooks for Scheme courses as well as companion texts for any complete introductory course in Computer Science.

    For nearly a decade, hundreds of thousands of web developers have turned to HTML & XHTML: The Definitive Guide to master standards-based web development. Truly a definitive guide, the book combines a unique balance of tutorial material with a comprehensive reference that even the most experienced web professionals keep close at hand. From basic syntax and semantics to guidelines aimed at helping you develop your own distinctive style, this classic is all you need to become fluent in the language of web design.The new sixth edition guides you through every element of HTML and XHTML in detail, explaining how each element works and how it interacts with other elements. You'll also find detailed discussions of CSS (Cascading Style Sheets), which is intricately related to web page development. The most all-inclusive, up-to-date book on these languages available, this edition covers HTML 4.01, XHTML 1.0, and CSS2, with a preview of the upcoming XHTML2 and CSS3. Other topics include the newer initiatives in XHTML (XForms, XFrames, and modularization) and the essentials of XML for advanced readers. You'll learn how to:Use style sheets to control your document's appearance Work with programmatically generated HTML Create tables, both simple and complex Use frames to coordinate sets of documents Design and build interactive forms and dynamic documents Insert images, sound files, video, Java applets, and JavaScript programs Create documents that look good on a variety of browsersThe authors apply a natural learning approach that uses straightforward language and plenty of examples. Throughout the book, they offer suggestions for style and composition to help you decide how to best use HTML and XHTML to accomplish a variety of tasks. You'll learn what works and what doesn't, and what makes sense to those who view your web pages and what might be confusing. Written for anyone who wants to learn the language of the Web--from casual users to the full-time design professionals--this is the single most important book on HTML and XHTML you can own.Bill Kennedy is chief technical officer of MobileRobots, Inc. When not hacking new HTML pages or writing about them, "Dr. Bill" (Ph.D. in biophysics from Loyola University of Chicago) is out promoting the company's line of mobile, autonomous robots that can be used for artificial intelligence, fuzzy logic research, and education.Chuck Musciano began his career as a compiler writer and crafter of tools at Harris Corporations' Advanced Technology Group and is now a manager of Unix Systems in Harris' Corporate Data Center.

    This book shows you what writing and maintaining testable JavaScript for the client- or server-side actually entails, whether you’re creating a new application or rewriting legacy code.From methods to reduce code complexity to unit testing, code coverage, debugging, and automation, you’ll learn a holistic approach for writing JavaScript code that you and your colleagues can easily fix and maintain going forward. Testing JavaScript code is complicated. This book helps you simply the process considerably.Get an overview of Agile, test-driven development, and behavior-driven developmentUse patterns from static languages and standards-based JavaScript to reduce code complexityLearn the advantages of event-based architectures, including modularity, loose coupling, and reusabilityExplore tools for writing and running unit tests at the functional and application levelGenerate code coverage to measure the scope and effectiveness of your testsConduct integration, performance, and load testing, using Selenium or CasperJSUse tools for in-browser, Node.js, mobile, and production debuggingUnderstand what, when, and how to automate your development processes

    The book covers lambdas, streams, and functional-style programming. With Java 8's functional features you can now write more concise code in less time, and also automatically benefit from multicore architectures. It's time to dig in!

    And how to move all of this data becomes nearly as important as the data itself. If you� re an application architect, developer, or production engineer new to Apache Kafka, this practical guide shows you how to use this open source streaming platform to handle real-time data feeds.Engineers from Confluent and LinkedIn who are responsible for developing Kafka explain how to deploy production Kafka clusters, write reliable event-driven microservices, and build scalable stream-processing applications with this platform. Through detailed examples, you� ll learn Kafka� s design principles, reliability guarantees, key APIs, and architecture details, including the replication protocol, the controller, and the storage layer.Understand publish-subscribe messaging and how it fits in the big data ecosystem.Explore Kafka producers and consumers for writing and reading messagesUnderstand Kafka patterns and use-case requirements to ensure reliable data deliveryGet best practices for building data pipelines and applications with KafkaManage Kafka in production, and learn to perform monitoring, tuning, and maintenance tasksLearn the most critical metrics among Kafka� s operational measurementsExplore how Kafka� s stream delivery capabilities make it a perfect source for stream processing systems

    This long-awaited revision contains changes throughout the text. There are new implementations of most of the major programming systems in the book, including the interpreters and compilers, and the authors have incorporated many small changes that reflect their experience teaching the course at MIT since the first edition was published. A new theme has been introduced that emphasizes the central role played by different approaches to dealing with time in computational models: objects with state, concurrent programming, functional programming and lazy evaluation, and nondeterministic programming. There are new example sections on higher-order procedures in graphics and on applications of stream processing in numerical programming, and many new exercises. In addition, all the programs have been reworked to run in any Scheme implementation that adheres to the IEEE standard.

    You'll learn the SPA design approach, and then start exploring new techniques like structured JavaScript and responsive design. And you'll learn how to capitalize on trends like server-side JavaScript and NoSQL data stores, as well as new frameworks that make JavaScript more manageable and testable as a first-class language.About this BookIf your website is a jumpy collection of linked pages, you are behind. Single page web applications are your next step: pushing UI rendering and business logic to the browser and communicating with the server only to synchronize data, they provide a smooth user experience, much like a native application. But, SPAs can be hard to develop, manage, and test.Single Page Web Applications shows how your team can easily design, test, maintain, and extend sophisticated SPAs using JavaScript end-to-end, without getting locked into a framework. Along the way, you'll develop advanced HTML5, CSS3, and JavaScript skills, and use JavaScript as the language of the web server and the database.This book assumes basic knowledge of web development. No experience with SPAs is required.Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.What's InsideDesign, build, and test a full-stack SPA Best-in-class tools like jQuery, TaffyDB, Node.js, and MongoDB Real-time web with web sockets and Socket.IO Touch controls for tablets and smartphones Common SPA design mistakesAbout the AuthorsThe authors are architects and engineering managers. Michael Mikowski has worked on many commercial SPAs and a platform that processes over 100 billion requests per year. Josh Powell has built some of the most heavily trafficked sites on the web.Table of ContentsPART 1: INTRODUCING SPAS Our first single page application Reintroducing JavaScript PART 2: SPA CLIENT Develop the Shell Add feature modules Build the Model Finish the Model and Data modules PART 3: THE SPA SERVER The web server The server database Readying our SPA for production

    The widespread adoption of agile methods has brought the need for effective testing into the limelight, and agile projects have transformed the role of testers. Much of a tester's function, however, remains largely misunderstood. What is the true role of a tester? Do agile teams actually need members with QA backgrounds? What does it really mean to be an "agile tester?"Two of the industry's most experienced agile testing practitioners and consultants, Lisa Crispin and Janet Gregory, have teamed up to bring you the definitive answers to these questions and many others. In Agile Testing, Crispin and Gregory define agile testing and illustrate the tester's role with examples from real agile teams. They teach you how to use the agile testing quadrants to identify what testing is needed, who should do it, and what tools might help. The book chronicles an agile software development iteration from the viewpoint of a tester and explains the seven key success factors of agile testing.Readers will come away from this book understanding- How to get testers engaged in agile development- Where testers and QA managers fit on an agile team- What to look for when hiring an agile tester- How to transition from a traditional cycle to agile development- How to complete testing activities in short iterations- How to use tests to successfully guide development- How to overcome barriers to test automationThis book is a must for agile testers, agile teams, their managers, and their customers.

    Built for your brain, this book covers C# 3.0 and Visual Studio 2008, and teaches everything from language fundamentals to advanced topics including garbage collection, extension methods, and double-buffered animation. You'll also master C#'s hottest and newest syntax, LINQ, for querying SQL databases, .NET collections, and XML documents. By the time you're through, you'll be a proficient C# programmer, designing and coding large-scale applications. Every few chapters you will come across a lab that lets you apply what you've learned up to that point. Each lab is designed to simulate a professional programming task, increasing in complexity until-at last-you build a working Invaders game, complete with shooting ships, aliens descending while firing, and an animated death sequence for unlucky starfighters. This remarkably engaging book will have you going from zero to 60 with C# in no time flat.

    As a result, functional code is easier to test and reuse, simpler to parallelize, and less prone to bugs. Scala is an emerging JVM language that offers strong support for FP. Its familiar syntax and transparent interoperability with existing Java libraries make Scala a great place to start learning FP.Functional Programming in Scala is a serious tutorial for programmers looking to learn FP and apply it to the everyday business of coding. The book guides readers from basic techniques to advanced topics in a logical, concise, and clear progression. In it, they'll find concrete examples and exercises that open up the world of functional programming.Purchase of the print book comes with an offer of a free PDF, ePub, and Kindle eBook from Manning. Also available is all code from the book.

    You'll learn how to write web services from scratch and integrate existing services into your Java applications. With Java Web Services: Up and Running, you will:Understand the distinction between SOAP-based and REST-style services Write, deploy, and consume SOAP-based services in core Java Understand the Web Service Definition Language (WSDL) service contract Recognize the structure of a SOAP message Learn how to deliver Java-based RESTful web services and consume commercial RESTful services Know security requirements for SOAP- and REST-based web services Learn how to implement JAX-WS in various application servers Ideal for students as well as experienced programmers, Java Web Services: Up and Running is the concise guide you need to start working with these technologies right away.

    Through four years of groundbreaking research, Dr. Nicole Forsgren, Jez Humble, and Gene Kim set out to find a way to measure software delivery performance—and what drives it—using rigorous statistical methods. This book presents both the findings and the science behind that research. Readers will discover how to measure the performance of their teams, and what capabilities they should invest in to drive higher performance.

    I'm going to share that mindset with you — along with hundreds of actionable techniques and proven habits — so you can shortcut those years.Introducing The Effective Engineer — the only book designed specifically for today's software engineers, based on extensive interviews with engineering leaders at top tech companies, and packed with hundreds of techniques to accelerate your career.For two years, I embarked on a quest seeking an answer to one question:How do the most effective engineers make their efforts, their teams, and their careers more successful?I interviewed and collected stories from engineering VPs, directors, managers, and other leaders at today's top software companies: established, household names like Google, Facebook, Twitter, and LinkedIn; rapidly growing mid-sized companies like Dropbox, Square, Box, Airbnb, and Etsy; and startups like Reddit, Stripe, Instagram, and Lyft.These leaders shared stories about the most valuable insights they've learned and the most common and costly mistakes that they've seen engineers — sometimes themselves — make.This is just a small sampling of the hard questions I posed to them:- What engineering qualities correlate with future success?- What have you done that has paid off the highest returns?- What separates the most effective engineers you've worked with from everyone else?- What's the most valuable lesson your team has learned in the past year?- What advice do you give to new engineers on your team? Everyone's story is different, but many of the lessons share common themes.You'll get to hear stories like:- How did Instagram's team of 5 engineers build and support a service that grew to over 40 million users by the time the company was acquired?- How and why did Quora deploy code to production 40 to 50 times per day?- How did the team behind Google Docs become the fastest acquisition to rewrite its software to run on Google's infrastructure?- How does Etsy use continuous experimentation to design features that are guaranteed to increase revenue at launch?- How did Facebook's small infrastructure team effectively operate thousands of database servers?- How did Dropbox go from barely hiring any new engineers to nearly tripling its team size year-over-year? What's more, I've distilled their stories into actionable habits and lessons that you can follow step-by-step to make your career and your team more successful.The skills used by effective engineers are all learnable.And I'll teach them to you. With The Effective Engineer, I'll teach you a unifying framework called leverage — the value produced per unit of time invested — that you can use to identify the activities that produce disproportionate results.Here's a sneak peek at some of the lessons you'll learn. You'll learn how to:- Prioritize the right projects and tasks to increase your impact.- Earn more leeway from your peers and managers on your projects.- Spend less time maintaining and fixing software and more time building and shipping new features.- Produce more accurate software estimates.- Validate your ideas cheaply to reduce wasted work.- Navigate organizational and people-related bottlenecks.- Find the appropriate level of code reviews, testing, abstraction, and technical debt to balance speed and quality.- Shorten your debugging workflow to increase your iteration speed.

    Land of Lisp brings the language into the real world, teaching Lisp by showing readers how to write several complete Lisp-based games, including a text adventure, an evolution simulation, and a robot battle. While building these games, readers learn the core concepts of Lisp programming, such as data types, recursion, input/output, object-oriented programming, and macros. And thanks to the power of Lisp, the code is short. Rather than bogging things down with reference information that is easily found online, Land of Lisp focuses on using Lisp for real programming. The book is filled with the author Conrad Barski's famous Lisp cartoons, featuring the Lisp alien and other zany characters.