You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

    Some books try to give you copy-and-paste instructions for how to deal with every single system issue that may arise, but How Linux Works actually shows you how the Linux system functions so that you can come up with your own solutions. After a guided tour of filesystems, the boot sequence, system management basics, and networking, author Brian Ward delves into open-ended topics such as development tools, custom kernels, and buying hardware, all from an administrator's point of view. With a mixture of background theory and real-world examples, this book shows both "how" to administer Linux, and "why" each particular technique works, so that you will know how to make Linux work for you.

    At long last you'll be united with the programming language you've been longing for: Clojure!As a Lisp-style functional programming language, Clojure lets you write robust and elegant code, and because it runs on the Java Virtual Machine, you can take advantage of the vast Java ecosystem. Clojure for the Brave and True offers a "dessert-first" approach: you'll start playing with real programs immediately, as you steadily acclimate to the abstract but powerful features of Lisp and functional programming. Inside you'll find an offbeat, practical guide to Clojure, filled with quirky sample programs that catch cheese thieves and track glittery vampires.Learn how to: Wield Clojure's core functions Use Emacs for Clojure development Write macros to modify Clojure itself Use Clojure's tools to simplify concurrency and parallel programmingClojure for the Brave and True assumes no prior experience with Clojure, the Java Virtual Machine, or functional programming. Are you ready, brave reader, to meet your true destiny? Grab your best pair of parentheses—you're about to embark on an epic journey into the world of Clojure!

    It will allow you to avoid some likely pitfalls and it will guide you to asking, yourself and your clients, the right questions. Though many people focus on the visualization techniques in Kanban the true value only emerges when you, as a kanban system manager, are apt at noticing the anti-patterns that occur on the kanban board and are able to take appropriate actions. David generously shares his vast experience in this field, with plenty real case scenarios, to the benefit of the reader. After reading this book I toyed with the idea: Would I've changed my approach to coaching my previous clients, in their adoption of agile values and practices, had I read this at the time? Well, I certainly would have, for all of them, and I'm sure it would have meant a smoother change process for the agilely challenged organizations. David provides a comprehensive guide to implementing Kanban in a software development/maintenance environment. Covering the mechanics, dynamics, principles and rationale behind why Kanban is a so promising framework for managing the work of a variety of teams and groups and being an evolutionary-based change management driver. Kanban is the practical approach to implement Lean Software Development, and this book is the practical guide for how to start using Kanban, and how to adapt the system for advanced needs. The book is clear and flowing, even though it covers some quite technical material. I would recommend it to Development managers, Project/Program managers, Agile Coaches/Consultants. It addresses concerns/needs of Novice as well as those already familiar with Kanban and looking for advanced answers. Even if you don't intend to implement a kanban system, there are a lot of techniques and ideas that are easily applicable to any product development/maintenance environment, agile or not. Bottom line, highly recommended.

    And code. And code. You build only to rebuild. You focus on making your site compatible with almost every browser or wireless device ever put out there. Then along comes a new device or a new browser, and you start all over again.You can get off the merry-go-round.It's time to stop living in the past and get away from the days of spaghetti code, insanely nested table layouts, tags, and other redundancies that double and triple the bandwidth of even the simplest sites. Instead, it's time for forward compatibility.Isn't it high time you started designing with web standards?Standards aren't about leaving users behind or adhering to inflexible rules. Standards are about building sophisticated, beautiful sites that will work as well tomorrow as they do today. You can't afford to design tomorrow's sites with yesterday's piecemeal methods.Jeffrey teaches you to:- Slash design, development, and quality assurance costs (or do great work in spite of constrained budgets)- Deliver superb design and sophisticated functionality without worrying about browser incompatibilities- Set up your site to work as well five years from now as it does today- Redesign in hours instead of days or weeks- Welcome new visitors and make your content more visible to search engines- Stay on the right side of accessibility laws and guidelines- Support wireless and PDA users without the hassle and expense of multiple versions- Improve user experience with faster load times and fewer compatibility headaches- Separate presentation from structure and behavior, facilitating advanced publishing workflows

    Identity Theft. Corporate Espionage. National secrets compromised. Can anyone promise security in our digital world?The man who introduced cryptography to the boardroom says no. But in this fascinating read, he shows us how to come closer by developing security measures in terms of context, tools, and strategy. Security is a process, not a product – one that system administrators and corporate executives alike must understand to survive.This edition updated with new information about post-9/11 security.

    You can think of this problem as a variant of the well known "telephone game", where some trivial rumor is repeated from one person to the next until it has become distorted beyond recognition and blown up out of all proportion.Unfortunately, the objects of this telephone game are generally considered cornerstone truths of the discipline, to the point that their acceptance now seems to hinder further progress.In this short ebook, we will take a look at some of those "ground truths": the claimed 10x variation in productivity between developers; the "software crisis"; the cost-of-change curve; the "cone of uncertainty"; and more. We'll hone our scholarship skills by looking up the original source for these ideas and taking a deep dive in the history of their development. We'll assess the real weight of the evidence behind these ideas.And we'll confront the scary prospect of moving the state of the art forward in a discipline that has had the ground kicked from under it.

    More importantly, this book provides a framework for thinking about computer organization and design that will enable the reader to continue the lifetime of learning necessary for staying at the forefront of this competitive discipline. --John Crawford Intel Fellow Director of Microprocessor Architecture, Intel The performance of software systems is dramatically affected by how well software designers understand the basic hardware technologies at work in a system. Similarly, hardware designers must understand the far reaching effects their design decisions have on software applications. For readers in either category, this classic introduction to the field provides a deep look into the computer. It demonstrates the relationship between the software and hardware and focuses on the foundational concepts that are the basis for current computer design. Using a distinctive learning by evolution approach the authors present each idea from its first principles, guiding readers through a series of worked examples that incrementally add more complex instructions until they ha

    The RESTful approach to web services design is rapidly become the approach of choice. Unfortunately, too few people have truly solid REST API design skills, and discussions of REST can become bogged down in dry theory.The REST API Design Handbook is a simple, practical guide to aid software engineers and software architects create lasting, scalable APIs based on REST architectural principles. The book provides a sound foundation in discussing the constraints that define a REST API. It quickly goes beyond that into the practical aspects of implementing such an API in the real world.Written by cloud computing expert George Reese, The REST API Design Handbook reflects hands on work in consuming many different third party APIs as well the development of REST-based web services APIs. It addresses all of the debates the commonly arise while creating these APIs. Subjects covered include:* REST architectural constraints* Using HTTP methods and response codes in an API* Authenticating RESTful API calls* Versioning* Asynchronous Operations* Pagination and Streaming* Polling and Push Notifications* Rate Limiting

    With this practical guide, you'll learn how PHP has become a full-featured, mature language with object-orientation, namespaces, and a growing collection of reusable component libraries.Author Josh Lockhart--creator of PHP The Right Way, a popular initiative to encourage PHP best practices--reveals these new language features in action. You'll learn best practices for application architecture and planning, databases, security, testing, debugging, and deployment. If you have a basic understanding of PHP and want to bolster your skills, this is your book.Learn modern PHP features, such as namespaces, traits, generators, and closuresDiscover how to find, use, and create PHP componentsFollow best practices for application security, working with databases, errors and exceptions, and moreLearn tools and techniques for deploying, tuning, testing, and profiling your PHP applicationsExplore Facebook's HVVM and Hack language implementations--and how they affect modern PHPBuild a local development environment that closely matches your production server