Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs Build mashups and embed gadgets without getting stung by the tricky frame navigation policy Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

    Borne from a contract developer's pet project, these days you'll find PHP powering many of the world's largest web sites, including Yahoo!, Digg, EA Games, and Lycos.PHP Objects, Patterns, and Practice, Second Edition shows you how to meld the power of PHP with the sound enterprise development techniques embraced by professional programmers. Going well beyond the basics of objectoriented development, you'll learn about advanced topics such as working with static methods and properties, abstract classes, interfaces, design patterns, exception handling, and more. You'll also be exposed to key tools such as PEAR, CVS, Phing, and phpDocumentor. What you'll learn Write solid, maintainable code by embracing objectoriented techniques and design patterns Create detailed, versatile documentation using the powerful phpDocumentor automated documentation system Gain new flexibility during the development process by managing your code within a CVS repository and using the Phing build system Capitalize upon the quality code of others by using the PEAR package management solution Who this book is forPHP developers seeking to embrace sound development techniques such as objectorientation, design patterns, testing, and documentation. "

    Essentially three books in one: provides thorough introductions to the PHP language and the MySQL database, and shows you how these two technologies can be effectively integrated to build powerful websites. Provides over 500 code examples, including real-world tasks such as creating an auto-login feature, sending HTML-formatted e-mail, testing password guessability, and uploading files via a web interface. Updated for MySQL 5, includes new chapters introducing triggers, stored procedures, and views.

    High-profile projects such as the Linux Kernel, Mozilla, Gnome, and Ruby on Rails are now using Distributed Version Control Systems (DVCS) instead of the old stand-bys of CVS or Subversion.Git is a modern, fast, DVCS. But understanding how it fits into your development can be a daunting task without an introduction to the new concepts. Whether you're just starting out as a professional programmer or are an old hand, this book will get you started using Git in this new distributed world. Whether you're making the switch from a traditional centralized version control system or are a new programmer just getting started, this book prepares you to start using Git in your everyday programming.Pragmatic Version Control Using Git starts with an overview of version control systems, and shows how being distributed enables you to work more efficiently in our increasingly mobile society. It then progresses through the basics necessary to get started using Git.You'll get a thorough overview of how to take advantage of Git. By the time you finish this book you'll have a firm grounding in how to use Git, both by yourself and as part of a team.Learn how to use how to use Git to protect all the pieces of your project Work collaboratively in a distributed environment Learn how to use Git's cheap branches to streamline your development Install and administer a Git server to share your repository

    To grow professionally, you also need soft skills and effective learning techniques. Honing those skills is what this book is all about. Authors Dave Hoover and Adewale Oshineye have cataloged dozens of behavior patterns to help you perfect essential aspects of your craft. Compiled from years of research, many interviews, and feedback from O'Reilly's online forum, these patterns address difficult situations that programmers, administrators, and DBAs face every day. And it's not just about financial success. Apprenticeship Patterns also approaches software development as a means to personal fulfillment. Discover how this book can help you make the best of both your life and your career. Solutions to some common obstacles that this book explores in-depth include:Burned out at work? "Nurture Your Passion" by finding a pet project to rediscover the joy of problem solving.Feeling overwhelmed by new information? Re-explore familiar territory by building something you've built before, then use "Retreat into Competence" to move forward again.Stuck in your learning? Seek a team of experienced and talented developers with whom you can "Be the Worst" for a while. "Brilliant stuff! Reading this book was like being in a time machine that pulled me back to those key learning moments in my career as a professional software developer and, instead of having to learn best practices the hard way, I had a guru sitting on my shoulder guiding me every step towards master craftsmanship. I'll certainly be recommending this book to clients. I wish I had this book 14 years ago!" -Russ Miles, CEO, OpenCredo

    The result is a peculiar and charming combination of prose, poetry, and programming.The best authors are those who obsess about language--and the same goes for JavaScript developers. To master either craft, you must experiment with language to develop your own style, your own idioms, and your own expressions. To that end, If Hemingway Wrote JavaScript playfully bridges the worlds of programming and literature for the literary geek in all of us.Featuring original artwork by Miran Lipovaca.

    When it comes to creating websites, the PHP scripting language is truly a red-hot property. In fact, PHP is currently used on more than 19 million websites, surpassing Microsoft's ASP .NET technology in popularity. Programmers love its flexibility and speed; designers love its accessibility and convenience. As the industry standard book on PHP, all of the essentials are covered in a clear and concise manner. Language syntax and programming techniques are coupled with numerous examples that illustrate both correct usage and common idioms. With style tips and practical programming advice, this book will help you become not just a PHP programmer, but a good PHP programmer. Programming PHP, Second Edition covers everything you need to know to create effective web applications with PHP. Contents include: Detailed information on the basics of the PHP language, including data types, variables, operators, and flow control statements Chapters outlining the basics of functions, strings, arrays, and objects Coverage of common PHP web application techniques, such as form processing and validation, session tracking, and cookies Material on interacting with relational databases, such as MySQL and Oracle, using the database-independent PEAR DB library and the new PDO Library Chapters that show you how to generate dynamic images, create PDF files, and parse XML files with PHP Advanced topics, such as creating secure scripts, error handling, performance tuning, and writing your own C language extensions to PHP A handy quick reference to all the core functions in PHP and all the standard extensions that ship with PHP Praise for the first edition: "If you are just getting into the dynamic Web development world or you are considering migrating from another dynamic web product to PHP, Programming PHP is the book of choice to get you up, running, and productive in a short time."--Peter MacIntrye, eWeek "I think this is a great book for programmers who want to start developing dynamic websites with PHP. It gives a detailed overview of PHP, lots of valuable tips, and a good sense of PHP's strengths."--David Dooling, Slashdot.org

    Each topic illustrated with pointed examples. You’ll also get a thorough reference to the Underscore.js library and its idioms, including:ClosuresApplicative programmingLazinessImmutabilityHigher-order functionsPurityCombinatorsCurrying and partial application

    A full Rails application probably has less total code than the XML you'd need to configure the same application in other frameworks. With this book you'll learn how to use "ActiveRecord" to connect business objects and database tables. No more painful object-relational mapping. Just create your business objects and let Rails do the rest. You'll learn how to use the "Action Pack" framework to route incoming requests and render pages using easy-to-write templates and components. See how to exploit the Rails service frameworks to send emails, implement web services, and create dynamic, user-centric web-pages using built-in Javascript and Ajax support. There are extensive chapters on testing, deployment, and scaling. You'll see how easy it is to install Rails using your web server of choice (such as Apache or lighttpd) or using its own included web server. You'll be writing applications that work with your favorite database (MySQL, Oracle, Postgres, and more) in no time at all. You'll create a complete online store application in the extended tutorial section, so you'll see how a full Rails application is developed---iteratively and rapidly. Rails strives to honor the Pragmatic Programmer's "DRY Principle" by avoiding the extra work of configuration files and code annotations. You can develop in real-time: make a change, and watch it work immediately. Forget XML. Everything in Rails, from templates to control flow to business logic, is written in Ruby, the language of choice for programmers who like to get the job done well (and leave work ontime for a change). Rails is the framework of choice for the new generation of Web 2.0 developers. Agile Web Development with Rails is the book for that generation, written by Dave Thomas (Pragmatic Programmer and author of Programming Ruby) and David Heinemeier Hansson, who created Rails.

    What’s more, they can do it one step at a time, through a series of simple, proven steps. Now, there’s an authoritative and extensively updated version of Martin Fowler’s classic refactoring book that utilizes Ruby examples and idioms throughout–not code adapted from Java or any other environment.The authors introduce a detailed catalog of more than 70 proven Ruby refactorings, with specific guidance on when to apply each of them, step-by-step instructions for using them, and example code illustrating how they work. Many of the authors’ refactorings use powerful Ruby-specific features, and all code samples are available for download. Leveraging Fowler’s original concepts, the authors show how to perform refactoring in a controlled, efficient, incremental manner, so you methodically improve your code’s structure without introducing new bugs. Whatever your role in writing or maintaining Ruby code, this book will be an indispensable resource.This book will help you Understand the core principles of refactoring and the reasons for doing it Recognize “bad smells” in your Ruby code Rework bad designs into well-designed code, one step at a time Build tests to make sure your refactorings work properly Understand the challenges of refactoring and how they can be overcome Compose methods to package code properly Move features between objects to place responsibilities where they fit best Organize data to make it easier to work with Simplify conditional expressions and make more effective use of polymorphism Create interfaces that are easier to understand and use Generalize more effectively Perform larger refactorings that transform entire software systems and may take months or years Successfully refactor Ruby on Rails code

    You'll work through the development of each project, implementing and running the applications while learning new features along the way.Web frameworks are playing a major role in the creation of today's most compelling web applications, because they automate many of the tedious tasks, allowing developers to instead focus on providing users with creative and powerful features. Python developers have been particularly fortunate in this area, having been able to take advantage of Django, a very popular open source web framework whose stated goal is to make it easier to build better web applications more quickly with less code.Practical Django Projects is the first book to introduce this popular framework by way of a series of realworld projects. What you'll learn Capitalize upon Django's welldefined framework architecture to build web applications faster than ever before Learn by doing by working through the creation of three realworld projects, including a content management system, blog, and social networking site Build userfriendly web sites with wellstructured URLs, session tracking, and syndication options Let Django handle tedious tasks such as database interaction while you focus on building compelling applications Who this book is forWeb developers seeking to use the powerful Django framework to build powerful web sites. "

    Now this classic book has been fully updated and revised with leading-edge practices--and hundreds of new code samples--illustrating the art and science of software construction. Capturing the body of knowledge available from research, academia, and everyday commercial practice, McConnell synthesizes the most effective techniques and must-know principles into clear, pragmatic guidance. No matter what your experience level, development environment, or project size, this book will inform and stimulate your thinking--and help you build the highest quality code. Discover the timeless techniques and strategies that help you: Design for minimum complexity and maximum creativity Reap the benefits of collaborative development Apply defensive programming techniques to reduce and flush out errors Exploit opportunities to refactor--or evolve--code, and do it safely Use construction practices that are right-weight for your project Debug problems quickly and effectively Resolve critical construction issues early and correctly Build quality into the beginning, middle, and end of your project

    

    This text concisely describes the Python language and its programming environment for those readers already familiar with languages such as C and C++.

    You’ll learn everything from the basics of database integration and the use of JavaScript to browser-automation tools like Selenium, and advanced topics such as NoSQL, Web Sockets, and async programming.Ideal for beginners, this book teaches a development methodology that leads to peace of mind, cleaner code, and better web apps.