You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

    This expanded and completely updated edition covers the why of network design, focusing not just the specifications comprising today's systems but how key technologies and protocols actually work in the real world to solve specific problems. It is the only introductory computer networking book written by authors who have had first-hand experience with many of the protocols discussed in the text, who have actually designed some of them as well, and who are still actively designing the computer networks today.The book makes less use of computer code to explain protocols than earlier editions. Moreover, this new edition shifts the focus somewhat higher in the protocol stack where there is generally more innovative and exciting work going on at the application and session layers than at the link and physical layers. Other new features are: increased accessibility by clearly separating the advanced material from more fundamental via special headings and boxed features; the material is structured in such a way as to make it easier to teach top-down. Furthermore, the book outstrips the competitors in offering a more robust ancillary package for student and instructor support. The text is complemented with figures as well as links to networking resources on the Web and links to author-created materials on author-maintained Web site.Computer Networks, Fourth Edition, will be an invaluable resource for networking professionals and upper level undergraduate and graduate students in CS, EE, and CSE programs.

    With this hands-on guide, you'll learn how to write effective, idiomatic Python code by leveraging its best and possibly most neglected features. Author Luciano Ramalho takes you through Python's core language features and libraries, and shows you how to make your code shorter, faster, and more readable at the same time.Many experienced programmers try to bend Python to fit patterns they learned from other languages, and never discover Python features outside of their experience. With this book, those Python programmers will thoroughly learn how to become proficient in Python 3.This book covers:Python data model: understand how special methods are the key to the consistent behavior of objectsData structures: take full advantage of built-in types, and understand the text vs bytes duality in the Unicode ageFunctions as objects: view Python functions as first-class objects, and understand how this affects popular design patternsObject-oriented idioms: build classes by learning about references, mutability, interfaces, operator overloading, and multiple inheritanceControl flow: leverage context managers, generators, coroutines, and concurrency with the concurrent.futures and asyncio packagesMetaprogramming: understand how properties, attribute descriptors, class decorators, and metaclasses work"

    IT expert Nicholas G. Carr offers a radically different view in this eloquent and explosive book. As IT's power and presence have grown, he argues, its strategic relevance has actually decreased. IT has been transformed from a source of advantage into a commoditized "cost of doing business" - with huge implications for business management.Expanding on Carr's seminal Harvard Business Review article that generated a storm of controversy, Does IT Matter? provides a truly compelling - and unsettling - account of IT's changing business role and its leveling influence on competition. Through astute analysis of historical and contemporary examples, Carr shows that the evolution of IT closely parallels that of earlier technologies such as railroads and electric power. He goes on to lay out a new agenda for IT management, stressing cost control and risk management over innovation and investment. And he examines the broader implications for business strategy and organization as well as for the technology industry.A frame-changing statement on one of the most important business phenomena of our time, Does IT Matter? marks a crucial milepost in the debate about IT's future.An acclaimed business writer and thinker, Nicholas G. Carr is a former executive editor of the Harvard Business Review.

    While the structure of this book is similar to that of the previous edition, each chapter reflects the latest ANSI C++ standard and the examples have been thoroughly revised to reflect current practices and standards.

    Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk. With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community. Here are some of the responses from reviewers of this exceptional work: “Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context.  Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies.   The book contains eye-opening security insights that are easily understood, even by the curious layman.” Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel     “As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities.” Laura Robinson, Principal, Robinson Insight Chair, Security for Business Innovation Council (SBIC) Program Director, Executive Security Action Forum (ESAF) “The mandate of the information security function is being completely rewritten. Unfortunately most heads of security haven’t picked up on the change, impeding their companies’ agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come.” Dr. Jeremy Bergsman, Practice Manager, CEB     “The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing – and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be.

    Packed with examples and helpful recommendations, the book has helped everyone--from novices to experienced developers, and from Oracle Forms developers to database administrators--make the most of PL/SQL. The fourth edition is a comprehensive update, adding significant new content and extending coverage to include the very latest Oracle version, Oracle Database 10g Release 2. It describes such new features as the PL/SQL optimizing compiler, conditional compilation, compile-time warnings, regular expressions, set operators for nested tables, nonsequential collections in FORALL, the programmer-defined quoting mechanism, the ability to backtrace an exception to a line number, a variety of new built-in packages, and support for IEEE 754 compliant floating-point numbers. The new edition adds brand-new chapters on security (including encryption, row-level security, fine-grained auditing, and application contexts), file, email, and web I/O (including the built-in packages DBMS_OUTPUT, UTL_FILE, UTL_MAIL, UTL_SMTP, and UTL_HTTP) and globalization and localization. Co-authored by the world's foremost PL/SQL authority, Steven Feuerstein, this classic reference provides language syntax, best practices, and extensive code, ranging from simple examples to complete applications--making it a must-have on your road to PL/SQL mastery. A companion web site contains many more examples and additional technical content for enhanced learning.

    If you're a reasonably proficient programmer who can think logically, you have all the background you'll need. Stepanov and Rose introduce the relevant abstract algebra and number theory with exceptional clarity. They carefully explain the problems mathematicians first needed to solve, and then show how these mathematical solutions translate to generic programming and the creation of more effective and elegant code. To demonstrate the crucial role these mathematical principles play in many modern applications, the authors show how to use these results and generalized algorithms to implement a real-world public-key cryptosystem. As you read this book, you'll master the thought processes necessary for effective programming and learn how to generalize narrowly conceived algorithms to widen their usefulness without losing efficiency. You'll also gain deep insight into the value of mathematics to programming--insight that will prove invaluable no matter what programming languages and paradigms you use. You will learn aboutHow to generalize a four thousand-year-old algorithm, demonstrating indispensable lessons about clarity and efficiencyAncient paradoxes, beautiful theorems, and the productive tension between continuous and discreteA simple algorithm for finding greatest common divisor (GCD) and modern abstractions that build on itPowerful mathematical approaches to abstractionHow abstract algebra provides the idea at the heart of generic programmingAxioms, proofs, theories, and models: using mathematical techniques to organize knowledge about your algorithms and data structuresSurprising subtleties of simple programming tasks and what you can learn from themHow practical implementations can exploit theoretical knowledge

    Leading Scrum coach and trainer Kenny Rubin illuminates the values, principles, and practices of Scrum, and describes flexible, proven approaches that can help you implement it far more effectively. Whether you are new to Scrum or years into your use, this book will introduce, clarify, and deepen your Scrum knowledge at the team, product, and portfolio levels. Drawing from Rubin's experience helping hundreds of organizations succeed with Scrum, this book provides easy-to-digest descriptions enhanced by more than two hundred illustrations based on an entirely new visual icon language for describing Scrum's roles, artifacts, and activities. Essential Scrum will provide every team member, manager, and executive with a common understanding of Scrum, a shared vocabulary they can use in applying it, and practical knowledge for deriving maximum value from it.

    This book surveys the most important computer algorithms currently in use and provides a full treatment of data structures and algorithms for sorting, searching, graph processing, and string processing -- including fifty algorithms every programmer should know. In this edition, new Java implementations are written in an accessible modular programming style, where all of the code is exposed to the reader and ready to use.The algorithms in this book represent a body of knowledge developed over the last 50 years that has become indispensable, not just for professional programmers and computer science students but for any student with interests in science, mathematics, and engineering, not to mention students who use computation in the liberal arts.The companion web site, algs4.cs.princeton.edu contains An online synopsis Full Java implementations Test data Exercises and answers Dynamic visualizations Lecture slides Programming assignments with checklists Links to related material The MOOC related to this book is accessible via the "Online Course" link at algs4.cs.princeton.edu. The course offers more than 100 video lecture segments that are integrated with the text, extensive online assessments, and the large-scale discussion forums that have proven so valuable. Offered each fall and spring, this course regularly attracts tens of thousands of registrants.Robert Sedgewick and Kevin Wayne are developing a modern approach to disseminating knowledge that fully embraces technology, enabling people all around the world to discover new ways of learning and teaching. By integrating their textbook, online content, and MOOC, all at the state of the art, they have built a unique resource that greatly expands the breadth and depth of the educational experience.

    Salesforce.com (more than 50%) and Twitter (more than 75% fall into this category. Ebay gets more than 8 billion API calls a month. Facebook and Google, have dozens of APIs that enable both free services and e-commerce, get more than 5 billion API calls each day. Other companies like NetFlix have expanded their service of streaming movies over the the web to dozens of devices using API. At peak times, more than 20 percent of all traffic is accounted for by Netflix through its APIs. Companies like Sears and E-Trade are opening up their catalogs and other services to allow developers and entrepreneurs to create new marketing experiences. Making an API work to create a new channel is not just a matter of technology. An API must be considered in terms of business strategy, marketing, and operations as well as the technical aspects of programming. This book, written by Greg Brail, CTO of Apigee, and Brian Mulloy, VP of Products, captures the knowledge of all these areas gained by Apigee, the leading company in supporting the rollout of high traffic APIs.

    Joining the professional web designers and programmers are new audiences who need to know a little bit of code at work (update a content management system or e-commerce store) and those who want to make their personal blogs more attractive. Many books teaching HTML and CSS are dry and only written for those who want to become programmers, which is why this book takes an entirely new approach. • Introduces HTML and CSS in a way that makes them accessible to everyone—hobbyists, students, and professionals—and it’s full-color throughout • Utilizes information graphics and lifestyle photography to explain the topics in a simple way that is engaging • Boasts a unique structure that allows you to progress through the chapters from beginning to end or just dip into topics of particular interest at your leisureThis educational book is one that you will enjoy picking up, reading, then referring back to. It will make you wish other technical topics were presented in such a simple, attractive and engaging way!

    But facing the sea change that AI will bring can be paralyzing. How should companies set strategies, governments design policies, and people plan their lives for a world so different from what we know? In the face of such uncertainty, many analysts either cower in fear or predict an impossibly sunny future.But in Prediction Machines, three eminent economists recast the rise of AI as a drop in the cost of prediction. With this single, masterful stroke, they lift the curtain on the AI-is-magic hype and show how basic tools from economics provide clarity about the AI revolution and a basis for action by CEOs, managers, policy makers, investors, and entrepreneurs.When AI is framed as cheap prediction, its extraordinary potential becomes clear: Prediction is at the heart of making decisions under uncertainty. Our businesses and personal lives are riddled with such decisions. Prediction tools increase productivity--operating machines, handling documents, communicating with customers. Uncertainty constrains strategy. Better prediction creates opportunities for new business structures and strategies to compete. Penetrating, fun, and always insightful and practical, Prediction Machines follows its inescapable logic to explain how to navigate the changes on the horizon. The impact of AI will be profound, but the economic framework for understanding it is surprisingly simple.

    The principal enhancement in Java 8 was the addition of functional programming constructs to Java's object-oriented roots. Java 7, 8, and 9 also introduced language features, such as the try-with-resources statement, the diamond operator for generic types, default and static methods in interfaces, the @SafeVarargs annotation, and modules. New library features include pervasive use of functional interfaces and streams, the java.time package for manipulating dates and times, and numerous minor enhancements such as convenience factory methods for collections. In this new edition of Effective Java, Bloch updates the work to take advantage of these new language and library features, and provides specific best practices for their use. Java's increased support for multiple paradigms increases the need for best-practices advice, and this book delivers. As in previous editions, each chapter consists of several "items," each presented in the form of a short, standalone essay that provides specific advice, insight into Java platform subtleties, and updated code examples. The comprehensive descriptions and explanations for each item illuminate what to do, what not to do, and why. Coverage includes:Updated techniques and best practices on classic topics, including objects, classes, methods, libraries, and generics How to avoid the traps and pitfalls of commonly misunderstood subtleties of the platform Focus on the language and its most fundamental libraries, such as java.lang and java.util

    The books also provides a companion web site that provides the toold and materials necessary to build the hardware and software.