Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs Build mashups and embed gadgets without getting stung by the tricky frame navigation policy Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

    You'll learn how to create responsive, data-driven websites with PHP, MySQL, and JavaScript, regardless of whether you already know how to program. Discover how the powerful combination of PHP and MySQL provides an easy way to build modern websites complete with dynamic data and user interaction. You'll also learn how to add JavaScript to create rich Internet applications and websites.Learning PHP, MySQL, and JavaScript explains each technology separately, shows you how to combine them, and introduces valuable web programming concepts, including objects, XHTML, cookies, and session management. You'll practice what you've learned with review questions in each chapter, and find a sample social networking platform built with the elements introduced in this book. This book will help you:-Understand PHP essentials and the basics of object-oriented programming-Master MySQL, from database structure to complex queries-Create web pages with PHP and MySQL by integrating forms and other HTML features-Learn about JavaScript, from functions and event handling to accessing the Document Object Model-Use libraries and packages, including the Smarty web template system, PEAR program repository, and the Yahoo! User Interface Library -Make Ajax calls and turn your website into a highly dynamic environment-Upload and manipulate files and images, validate user input, and secure your applications

    Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric Provides effective approaches and techniques that have been proven at Microsoft and elsewhere Offers actionable how-to advice not tied to any specific software, operating system, or programming language Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.

    Whether you're new to Linux or need a reliable update and reference, this is an excellent resource. Veteran bestselling author Christopher Negus provides a complete tutorial packed with major updates, revisions, and hands-on exercises so that you can confidently start using Linux today. Offers a complete restructure, complete with exercises, to make the book a better learning tool Places a strong focus on the Linux command line tools and can be used with all distributions and versions of Linux Features in-depth coverage of the tools that a power user and a Linux administrator need to get startedThis practical learning tool is ideal for anyone eager to set up a new Linux desktop system at home or curious to learn how to manage Linux server systems at work.

    Commercial game development expert Robert Nystrom presents an array of general solutions to problems encountered in game development. For example, you'll learn how double-buffering enables a player to perceive smooth and realistic motion, and how the service locator pattern can help you provide access to services such as sound without coupling your code to any particular sound driver or sound hardware. Games have much in common with other software, but also a number of unique constraints. Some of the patterns in this book are well-known in other domains of software development. Other of the patterns are unique to gaming. In either case, Robert Nystrom bridges from the ivory tower world of software architecture to the in-the-trenches reality of hardcore game programming. You'll learn the patterns and the general problems that they solve. You'll come away able to apply powerful and reusable architectural solutions that enable you to produce higher quality games with less effort than before. Applies classic design patterns to game programming. Introduces new patterns specific to game programming. Brings abstract software architecture down to Earth with approachable writing and an emphasis on simple code that shows each pattern in practice. What you'll learn Overcome architectural challenges unique to game programming Apply lessons from the larger software world to games. Tie different parts of a game (graphics, sound, AI) into a cohesive whole. Create elegant and maintainable architecture. Achieve good, low-level performance. Gain insight into professional, game development. Who this book is forGame Programming Patterns is aimed at professional game programmers who, while successful in shipping games, are frustrated at how hard it sometimes is to add and modify features when a game is under development. Game Programming Patterns shows how to apply modern software practices to the problem of game development while still maintaining the blazing-fast performance demanded by hard-core gamers. Game Programming Patterns also appeals to those learning about game programming in their spare time. Hobbyists and aspiring professionals alike will find much to learn in this book about pathfinding, collision detection, and other game-programming problem domains.

    Whether you use Linux, Unix, or Windows, this newly revised edition describes the essential practices previously handed down only from mentor to protege. This wonderfully lucid, often funny cornucopia of information introduces beginners to advanced frameworks valuable for their entire career, yet is structured to help even the most advanced experts through difficult projects.The book's four major sections build your knowledge with the foundational elements of system administration. These sections guide you through better techniques for upgrades and change management, catalog best practices for IT services, and explore various management topics. Chapters are divided into The Basics and The Icing. When you get the Basics right it makes every other aspect of the job easier--such as automating the right things first. The Icing sections contain all the powerful things that can be done on top of the basics to wow customers and managers.Inside, you'll find advice on topics such asThe key elements your networks and systems need in order to make all other services run better Building and running reliable, scalable services, including web, storage, email, printing, and remote access Creating and enforcing security policies Upgrading multiple hosts at one time without creating havoc Planning for and performing flawless scheduled maintenance windows Managing superior helpdesks and customer care Avoiding the -temporary fix- trap Building data centers that improve server uptime Designing networks for speed and reliability Web scaling and security issues Why building a backup system isn't about backups Monitoring what you have and predicting what you will need How technically oriented workers can maintain their job's technical focus (and avoid an unwanted management role) Technical management issues, including morale, organization building, coaching, and maintaining positive visibility Personal skill techniques, including secrets for getting more done each day, ethical dilemmas, managing your boss, and loving your job System administration salary negotiation It's no wonder the first edition received Usenix SAGE's 2005 Outstanding Achievement Award!This eagerly anticipated second edition updates this time-proven classic:Chapters reordered for easier navigationThousands of updates and clarifications based on reader feedbackPlus three entirely new chapters: Web Services, Data Storage, and Documentation

    It features excellent examples and access to Addison Wesley's database Web site that includes further teaching, tutorials and many useful student resources.

    With this long-awaited revision, the authors continue to present the theory in a concise and straightforward manner, now with an eye out for the practical applications. They have revised this book to make it more accessible to today's students, including the addition of more material on writing proofs, more figures and pictures to convey ideas, side-boxes to highlight other interesting material, and a less formal writing style. Exercises at the end of each chapter, including some new, easier exercises, help readers confirm and enhance their understanding of the material. *NEW! Completely rewritten to be less formal, providing more accessibility to todays students. *NEW! Increased usage of figures and pictures to help convey ideas. *NEW! More detail and intuition provided for definitions and proofs. *NEW! Provides special side-boxes to present supplemental material that may be of interest to readers. *NEW! Includes more exercises, including many at a lower level. *NEW! Presents program-like notation for PDAs and Turing machines. *NEW! Increas

    In this book, Agile Alliance cofounder Mike Cohn discusses the philosophy of agile estimating and planning and shows you exactly how to get the job done, with real-world examples and case studies.Concepts are clearly illustrated and readers are guided, step by step, toward how to answer the following questions: What will we build? How big will it be? When must it be done? How much can I really complete by then? You will first learn what makes a good plan-and then what makes it agile.Using the techniques in Agile Estimating and Planning , you can stay agile from start to finish, saving time, conserving resources, and accomplishing more. Highlights include:Why conventional prescriptive planning fails and why agile planning works How to estimate feature size using story points and ideal days--and when to use each How and when to re-estimate How to prioritize features using both financial and nonfinancial approaches How to split large features into smaller, more manageable ones How to plan iterations and predict your team's initial rate of progress How to schedule projects that have unusually high uncertainty or schedule-related risk How to estimate projects that will be worked on by multiple teams Agile Estimating and Planning supports any agile, semiagile, or iterative process, including Scrum, XP, Feature-Driven Development, Crystal, Adaptive Software Development, DSDM, Unified Process, and many more. It will be an indispensable resource for every development manager, team leader, and team member.

    The widespread adoption of agile methods has brought the need for effective testing into the limelight, and agile projects have transformed the role of testers. Much of a tester's function, however, remains largely misunderstood. What is the true role of a tester? Do agile teams actually need members with QA backgrounds? What does it really mean to be an "agile tester?"Two of the industry's most experienced agile testing practitioners and consultants, Lisa Crispin and Janet Gregory, have teamed up to bring you the definitive answers to these questions and many others. In Agile Testing, Crispin and Gregory define agile testing and illustrate the tester's role with examples from real agile teams. They teach you how to use the agile testing quadrants to identify what testing is needed, who should do it, and what tools might help. The book chronicles an agile software development iteration from the viewpoint of a tester and explains the seven key success factors of agile testing.Readers will come away from this book understanding- How to get testers engaged in agile development- Where testers and QA managers fit on an agile team- What to look for when hiring an agile tester- How to transition from a traditional cycle to agile development- How to complete testing activities in short iterations- How to use tests to successfully guide development- How to overcome barriers to test automationThis book is a must for agile testers, agile teams, their managers, and their customers.

    It details the core protocols that make TCP/IP internetworks function, and the most important classical TCP/IP applications. Its personal, easy-going writing style lets anyone understand the dozens of protocols and technologies that run the Internet, with full coverage of PPP, ARP, IP, IPv6, IP NAT, IPSec, Mobile IP, ICMP, RIP, BGP, TCP, UDP, DNS, DHCP, SNMP, FTP, SMTP, NNTP, HTTP, Telnet and much more. The author offers not only a detailed view of the TCP/IP protocol suite, but also describes networking fundamentals and the important OSI Reference Model.

    The book covers lambdas, streams, and functional-style programming. With Java 8's functional features you can now write more concise code in less time, and also automatically benefit from multicore architectures. It's time to dig in!

    As a result, functional code is easier to test and reuse, simpler to parallelize, and less prone to bugs. Scala is an emerging JVM language that offers strong support for FP. Its familiar syntax and transparent interoperability with existing Java libraries make Scala a great place to start learning FP.Functional Programming in Scala is a serious tutorial for programmers looking to learn FP and apply it to the everyday business of coding. The book guides readers from basic techniques to advanced topics in a logical, concise, and clear progression. In it, they'll find concrete examples and exercises that open up the world of functional programming.Purchase of the print book comes with an offer of a free PDF, ePub, and Kindle eBook from Manning. Also available is all code from the book.

    Feynman gave his famous course on computation at the California Institute of Technology, he asked Tony Hey to adapt his lecture notes into a book. Although led by Feynman, the course also featured, as occasional guest speakers, some of the most brilliant men in science at that time, including Marvin Minsky, Charles Bennett, and John Hopfield. Although the lectures are now thirteen years old, most of the material is timeless and presents a “Feynmanesque” overview of many standard and some not-so-standard topics in computer science such as reversible logic gates and quantum computers.

    This book provides information on software tools, specific work flow for specific kinds of projects, and information on various topics. It includes resources for both instructors and students such as checklists, 700 categorized web references, and more.