The Tangled Web: A Guide to Securing Modern Web Applications


Michal Zalewski - 2011
    Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape. In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to: perform common but surprisingly complex tasks such as URL parsing and HTML sanitization; use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing; leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs; build mashups and embed gadgets without getting stung by the tricky frame navigation policy; embed or host user-supplied content without running into the trap of content sniffing. For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

PostgreSQL 9.0 High Performance


Gregory Smith - 2010
    You could spend years discovering solutions to them all, step by step as you encounter them. Or you can just look in here. All successful database applications are destined to eventually run into issues scaling up their performance. Peek into the future of your PostgreSQL database's problems today. Know the warning signs to look for, and how to avoid the most common issues before they even happen. Surprisingly, most PostgreSQL database applications evolve in the same way: Choose the right hardware. Tune the operating system and server memory use. Optimize queries against the database, with the right indexes. Monitor every layer, from hardware to queries, using some tools that are inside PostgreSQL and others that are external. Using monitoring insight, continuously rework the design and configuration. On reaching the limits of a single server, break things up; connection pooling, caching, partitioning, and replication can all help handle increasing database workloads. The path to a high performance database system isn't always easy. But it doesn't have to be mysterious with the right guide. This book is a clear, step-by-step guide to optimizing and scaling up PostgreSQL database servers. - Publisher.

Core J2EE Patterns: Best Practices and Design Strategies


Deepak Alur - 2001
    What's been lacking is the expertise to fuse them into solutions to real-world problems. These patterns are the intellectual mortar for J2EE software construction." —John Vlissides, co-author of Design Patterns, the "Gang of Four" book. "The authors of Core J2EE Patterns have harvested a really useful set of patterns. They show how to apply these patterns and how to refactor your system to take advantage of them. It's just like having a team of experts sitting at your side." —Grady Booch, Chief Scientist, Rational Software Corporation. "The authors do a great job describing useful patterns for application architectures. The section on refactoring is worth the price of the entire book!" —Craig McClanahan, Struts Lead Architect and Specification Lead for JavaServer Faces. "Core J2EE Patterns is the gospel that should accompany every J2EE application server... Built upon the in-the-trenches expertise of its veteran architect authors, this volume unites the platform's many technologies and APIs in a way that application architects can use, and provides insightful answers to the whys, whens, and hows of the J2EE platform." —Sean Neville, JRun Enterprise Architect, Macromedia. Developers often confuse learning the technology with learning to design with the technology. In this book, senior architects from the Sun Java Center share their cumulative design experience on Java 2 Platform, Enterprise Edition (J2EE) technology. The primary focus of the book is on patterns, best practices, design strategies, and proven solutions using the key J2EE technologies including JavaServer Pages(TM) (JSP(TM)), Servlets, Enterprise JavaBeans(TM) (EJB(TM)), and Java(TM) Message Service (JMS) APIs.
The J2EE Pattern Catalog with 21 patterns and numerous strategies is presented to document and promote best practices for these technologies. Core J2EE Patterns, Second Edition offers the following: J2EE Pattern Catalog with 21 patterns—fully revised and newly documented patterns providing proven solutions for enterprise applications; design strategies for the presentation tier, business tier, and integration tier; coverage of servlets, JSP, EJB, JMS, and Web Services; J2EE technology bad practices; refactorings to improve existing designs using patterns; fully illustrated with UML diagrams; extensive sample code for patterns, strategies, and refactorings.

Rails Antipatterns: Best Practice Ruby on Rails Refactoring


Chad Pytel - 2010
     Rails(TM) AntiPatterns identifies these widespread Rails code and design problems, explains why they're bad and why they happen--and shows exactly what to do instead. The book is organized into concise, modular chapters--each outlines a single common AntiPattern and offers detailed, cookbook-style code solutions that were previously difficult or impossible to find. Leading Rails developers Chad Pytel and Tammer Saleh also offer specific guidance for refactoring existing bad code or design to reflect sound object-oriented principles and established Rails best practices. With their help, developers, architects, and testers can dramatically improve new and existing applications, avoid future problems, and establish superior Rails coding standards throughout their organizations. This book will help you understand, avoid, and solve problems with: model layer code, from general object-oriented programming violations to complex SQL and excessive redundancy; domain modeling, including schema and database issues such as normalization and serialization; view layer tools and conventions; controller-layer code, including RESTful code; service-related APIs, including timeouts, exceptions, backgrounding, and response codes; third-party code, including plug-ins and gems; testing, from test suites to test-driven development processes; scaling and deployment; database issues, including migrations and validations; system design for "graceful degradation" in the real world.

JavaScript: The Good Parts


Douglas Crockford - 2008
    This authoritative book scrapes away these bad features to reveal a subset of JavaScript that's more reliable, readable, and maintainable than the language as a whole--a subset you can use to create truly extensible and efficient code. Considered the JavaScript expert by many people in the development community, author Douglas Crockford identifies the abundance of good ideas that make JavaScript an outstanding object-oriented programming language, ideas such as functions, loose typing, dynamic objects, and an expressive object literal notation. Unfortunately, these good ideas are mixed in with bad and downright awful ideas, like a programming model based on global variables. When Java applets failed, JavaScript became the language of the Web by default, making its popularity almost completely independent of its qualities as a programming language. In JavaScript: The Good Parts, Crockford finally digs through the steaming pile of good intentions and blunders to give you a detailed look at all the genuinely elegant parts of JavaScript, including: syntax, objects, functions, inheritance, arrays, regular expressions, methods, style, and beautiful features. The real beauty? As you move ahead with the subset of JavaScript that this book presents, you'll also sidestep the need to unlearn all the bad parts. Of course, if you want to find out more about the bad parts and how to use them badly, simply consult any other JavaScript book. With JavaScript: The Good Parts, you'll discover a beautiful, elegant, lightweight and highly expressive language that lets you create effective code, whether you're managing object libraries or just trying to get Ajax to run fast. If you develop sites or applications for the Web, this book is an absolute must.

HTML5 & CSS3 For The Real World


Estelle Weyl - 2011
    This easy-to-follow guide is illustrated with lots of examples, and leads readers through the process of creating great websites from start to finish using HTML5 and CSS3. It also features details on all the new HTML5 and CSS3 elements and features, information on the current level of browser support, and advice for creating great experiences for all users thanks to progressive enhancement.

Advanced PHP Programming


George Schlossnagle - 2004
    The rapid maturation of PHP has created a skeptical population of users from more traditional enterprise languages who question the readiness and ability of PHP to scale, as well as a large population of PHP developers without formal computer science backgrounds who have learned through the hands-on experimentation while developing small and midsize applications in PHP. While there are many books on learning PHP and developing small applications with it, there is a serious lack of information on scaling PHP for large-scale, business-critical systems. Schlossnagle's Advanced PHP Programming fills that void, demonstrating that PHP is ready for enterprise Web applications by showing the reader how to develop PHP-based applications for maximum performance, stability, and extensibility.

The Past Present and Future of JavaScript


Axel Rauschmayer - 2012
    Now, hopes and expectations for JavaScript’s future are considerable. In this insightful report, Dr. Axel Rauschmayer explains how the combination of several technologies and opportunities in the past 15 years turned JavaScript’s fortunes. With that as a backdrop, he provides a detailed look at proposed new features and fixes in the next version, ECMAScript.next, and then presents his own JavaScript wish list—such as an integrated IDE.

Mastering Web Application Development with AngularJS


Pawel Kozlowski - 2013
    

The Best Software Writing I: Selected and Introduced by Joel Spolsky


Joel Spolsky - 2005
    Frustrated by the lack of well-written essays on software engineering, Joel Spolsky (of www.joelonsoftware.com fame) has put together a collection of his favorite writings on the topic. With a nod to both the serious and funny sides of technical writing, The Best Software Writing I: Selected and Introduced by Joel Spolsky is an entertaining read and a guide to the technical writing literati. The Best Software Writing I contains writings from: Ken Arnold, Leon Bambrick, Michael Bean, Rory Blyth, Adam Bosworth, danah boyd, Raymond Chen, Kevin Cheng and Tom Chi, Cory Doctorow, ea_spouse, Bruce Eckel, Paul Ford, Paul Graham, John Gruber, Gregor Hohpe, Ron Jeffries, Eric Johnson, Eric Lippert, Michael Lopp, Larry Osterman, Mary Poppendieck, Rick Schaut, Aaron Swartz, Clay Shirky, Eric Sink, why the lucky stiff.

Pro Git


Scott Chacon - 2009
    It took the open source world by storm since its inception in 2005, and is used by small development shops and giants like Google, Red Hat, and IBM, and of course many open source projects. A book by Git experts to turn you into a Git expert. Introduces the world of distributed version control. Shows how to build a Git development workflow.

My Job Went to India


Chad Fowler - 2005
    You may still be drawing a paycheck, but the job you were hired to do no longer exists. Your company has changed, the technology has changed, the economy has changed, and the ways you can add value have changed. Have you adapted to these changes? Or are you at risk? Architect your career. Economic downturn. Job cuts. Outsourcing. The ever-changing tech landscape. The threats abound. Chad Fowler is here to offer 52 ways to keep your job, despite the vagaries of the market. It's all about making the right choices. Choosing which technologies to focus on and which business domains to master have at least as much impact on your success as your technical knowledge--don't let those choices be accidental. Chad shows you all aspects of the decision-making process so you can ensure that you're investing your time and energy in the right areas. It's all about skills. You'll develop a structured plan for keeping your skills up-to-date so that you can compete with both the growing stable of developers in so-called low-cost countries as well as your higher-priced local peers. You'll learn how to shift your skillset up the value chain, from an offshore-ready commodity to one in high demand. It's all about marketing. As with any product or service, if nobody knows what you're selling, nobody will buy. Chad shows you how to create a plan for marketing yourself both inside your company and to the industry in general. Like it or not, the IT career landscape has changed. This handbook will teach you what you need to do to avoid being left behind. About the author: Chad Fowler has been a software developer and manager for some of the world's largest corporations. He recently lived and worked in India, setting up and leading an offshore software development center for a large multinational company.

Wordpress for Beginners - A Visual Step-by-Step Guide to Creating your Own Wordpress Site in Record Time, Starting from Zero! (Webmaster Series)


Andy Williams - 2012
    Not any more. Wordpress makes it possible for anyone to create and run a professional looking website. While Wordpress is an amazing tool, the truth is it does have a steep learning curve, even if you have built websites before. Therefore, the goal of this book is to take anyone, even a complete beginner and get them building a professional looking website. I'll hold your hand, step-by-step, all the way. As I was planning this book, I made one decision early on. I wanted to use screenshots of everything, so the reader wasn't left looking for something on their screen that I was describing in text. This book has screenshots. I haven't counted them all, but it must be close to 300. These screenshots will help you find the things I am talking about. They'll help you check your settings and options against the screenshot of mine. No more doubt, no more wondering if you have it correct. Look, compare and move on to the next section. With so many screenshots, you may be worried that the text might be a little on the skimpy side. No need to worry there. I have described in the minutest detail, every step on your journey to a great looking website. In all, this book has over 35,000 words. This book will cut your learning curve associated with Wordpress. Every chapter of the book ends with a "Tasks to Complete" section. By completing these tasks, you'll not only become proficient at using Wordpress, you'll become confident & enjoy using Wordpress.

Becoming a Technical Leader: An Organic Problem-Solving Approach


Gerald M. Weinberg - 1986
    The book emphasizes that we all contain the ingredients for leadership, though some elements are better developed than others. "Anyone can improve as a leader simply by building the strength of our weakest elements," author Gerald M. Weinberg writes. "Mr. Universe doesn't have more muscles than I do, just better developed ones." On one level, the book is an extremely down-to-earth, how-to guide. On a second, it is a set of parables, full of analogies that stick in the mind -- the art of management taught through stories about pinball, tinkertoys, and electric blankets. On yet another level, this is a book about the philosophy and psychology of managing technical projects. On every level, the author brings these entertaining and enlightening elements together to teach you the essentials of leadership. You'll learn how to: master your fear of becoming a leader; be creative in solving problems; motivate people while maintaining quality; gain organizational power; plan personal change. Whether you manage people, are managed by people, or just want to change the way you interact with others, this book is about success. How to plan it, how to make it happen -- Becoming a Technical Leader shows you how to do it!

Data Structures: A Pseudocode Approach with C


Richard F. Gilberg - 1998
    A new four-part organizational structure increases the flexibility of the text, and all material is presented in a straightforward manner accompanied by an array of examples and visual diagrams.