Everyone has heard of computer programmers but few people realize there are nearly as many people behind the scenes with job titles such as Software Tester, Software Quality Assurance Engineer, Software Test Engineer, and Software Test Technician. Microsoft alone hires hundreds of people for these positions each year. There are also many companies whose sole purpose is providing software test consulting and software testing services. The first edition of Software Testing was published in November 2000. Although the processes and techniques used in testing computer software are timeless, this title will be brought up-to-date by adding a chapter that specifically deals with testing software for security bugs and revisiting the rest of the book to update examples and references.

    100% complete coverage of all objectives for exam RH302 Exam Readiness Checklist at the front of the book--you're ready for the exam when all objectives on the list are checked off Inside the Exam sections in every chapter highlight key exam topics covered Real-world exercises modeled after hands-on exam scenarios Two complete lab-based exams simulate the format, tone, topics, and difficulty of the real exam Bonus content (available for download) includes installation screen review, basic instructions for using VMware and Xen as testbeds, and paper and pencil versions of the lab exams Covers all RH302 exam topics, including: Hardware installation and configuration The boot process Linux filesystem administration Package management and Kickstart User and group administration System administration tools Kernel services and configuration Apache and Squid Network file sharing services (NFS, FTP, and Samba) Domain Name System (DNS) E-mail (servers and clients) Extended Internet Services Daemon (xinetd), the Secure package, and DHCP The X Window System Firewalls, SELinux, and troubleshooting

    Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric Provides effective approaches and techniques that have been proven at Microsoft and elsewhere Offers actionable how-to advice not tied to any specific software, operating system, or programming language Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.

    But most people only use the bare minimum SSH offers. Used properly, SSH simplifies your job and improves security.This book saves you from sifting a decade of obsolete online tutorials and quickly gets you running:SSH with the OpenSSH server and the PuTTY and OpenSSH clients. You will:Eliminate passwords.Manage access to your SSH server by users, groups, addresses, and moreSecurely move files around your networkForward graphic displays from one host to anotherForward TCP/IP connections Centrally manage host keys and client configurationsUse SSH as a secure transport for other applicationsSecure applications run over SSHBuild Virtual Private Networks with OpenSSHAnd more! This book quickly and painlessly simplifies life for anyone using SSH.Review"Michael W. Lucas is one of my favorite technical authors, and every book he writes is a must-read for IT professionals." - Richard Bejtlich, CSO, MANDIANT, and TaoSecurity blogger"...SSH Mastery is a title that Unix users and system administrators like myself will want to keep within reach..." - Peter Hansteen"This stripping-down of the usual tech-book explanations gives it the immediacy of extended documentation on the Internet. ...an in-depth presentation from someone who used OpenSSH to do a number of things, and paid attention while doing it." - Justin Sherrill, DragonFly BSD Digest

    The book is broken into two parts, the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product. * The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products * Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware * Offers a primer on advanced reverse-engineering, delving into disassembly-code-level reverse engineering-and explaining how to decipher assembly language

    You will learn the techniques successful leaders use to make their strategic decisions and you will be given the tools to ensure that your team is in alignment to achieving common goals. Leading Quality is the first book that teaches why quality is important and how to incorporate it within the workspace. Praise for Leading Quality:   “A quality mindset remains key to differentiating your product and your company. Leading Quality offers key lessons to develop this mindset.” - Michael Lopp, author of Managing Humans and VP of Product Engineering at Slack “Leading Quality communicates just how important a focus on quality is within your company and is one of the few titles that actually teaches how to lead quality in a clear yet captivating manner.”  - Shesh Patel, Engineering Manager at The New York Times “Three elements define any successful product: quality, quality, and quality. Leading Quality is a comprehensive and practical guide to embedding quality into the DNA of any product organization.” - Nick Caldwell, CPO at Looker and former VP of Engineering at Reddit

    Each idiom comes with a detailed description, example code showing the "wrong" way to do it, and code for the idiomatic, "Pythonic" alternative. *This version of the book is for Python 2.7.3+. There is also a Python 3.3+ version available.* "Writing Idiomatic Python" contains the most common and important Python idioms in a format that maximizes identification and understanding. Each idiom is presented as a recommendation to write some commonly used piece of code. It is followed by an explanation of why the idiom is important. It also contains two code samples: the "Harmful" way to write it and the "Idiomatic" way. * The "Harmful" way helps you identify the idiom in your own code. * The "Idiomatic" way shows you how to easily translate that code into idiomatic Python. This book is perfect for you: * If you're coming to Python from another programming language * If you're learning Python as a first programming language * If you're looking to increase the readability, maintainability, and correctness of your Python code What is "Idiomatic" Python? Every programming language has its own idioms. Programming language idioms are nothing more than the generally accepted way of writing a certain piece of code. Consistently writing idiomatic code has a number of important benefits: * Others can read and understand your code easily * Others can maintain and enhance your code with minimal effort * Your code will contain fewer bugs * Your code will teach others to write correct code without any effort on your part

    Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus.

    Busted as a teenager for hacking into Pac Bell phone networks, Kevin Poulsen would find his punishment was a job with a Silicon Valley defense contractor. By day he seemed to have gone straight, toiling on systems for computer-aided war. But by night he burglarized telephone switching offices, adopting the personae and aliases of his favorite comic-book anti heroes - the Watchmen. When authorities found a locker crammed with swiped telecommunications equipment, Poulsen became a fugitive from the FBI, living the life of a cyberpunk in a neon Hollywood underground. Soon he made the front pages of the New York Times and became the first hacker charged with espionage. Littman takes us behind the headlines and into the world of Poulsen and his rogues' gallery of cyberthieves. Drawing on hundreds of hours of interviews with Poulsen, his confederates, and the authorities, he spins a thrilling chase story on the electronic frontier. The nation's phone network was Poulsen's playground. On Los Angeles's lucrative radio giveaways, Poulsen worked his magic, winning Porsches and tens of thousands of dollars. He secretly switched on the numbers of defunct Yellow Pages escort ads and took his cut of the profits. And he could wiretap or electronically stalk whomever he pleased, his childhood love or movie stars. The FBI seemed no match for Poulsen. But as Unsolved Mysteries prepared a broadcast on the hacker's crimes, LAPD vice stumbled onto his trail, and an undercover operation began on Sunset Strip.

    Historically and etymologically richer than its predecessor, it supplies additional background on existing entries and clarifies the murky origins of several important jargon terms (overturning a few long-standing folk etymologies) while still retaining its high giggle value.Sample definitionhacker n. [originally, someone who makes furniture with an axe] 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. 2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating {hack value}. 4. A person who is good at programming quickly. 5. An expert at a particular program, or one who frequently does work using it or on it; as in `a UNIX hacker'. (Definitions 1 through 5 are correlated, and people who fit them congregate.) 6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example. 7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. 8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence `password hacker', `network hacker'. The correct term is {cracker}.The term 'hacker' also tends to connote membership in the global community defined by the net (see {network, the} and {Internet address}). It also implies that the person described is seen to subscribe to some version of the hacker ethic (see {hacker ethic, the}).It is better to be described as a hacker by others than to describe oneself that way. Hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome. There is thus a certain ego satisfaction to be had in identifying yourself as a hacker (but if you claim to be one and are not, you'll quickly be labeled {bogus}). See also {wannabee}.

    Though it may not seem this way for those who have been in the field for most of their careers, in the overall scheme of professions, software builders are relative "newbies." In the short history of the software field, a lot of facts have been identified, and a lot of fallacies promulgated. Those facts and fallacies are what this book is about. There's a problem with those facts-and, as you might imagine, those fallacies. Many of these fundamentally important facts are learned by a software engineer, but over the short lifespan of the software field, all too many of them have been forgotten. While reading Facts and Fallacies of Software Engineering , you may experience moments of "Oh, yes, I had forgotten that," alongside some "Is that really true?" thoughts. The author of this book doesn't shy away from controversy. In fact, each of the facts and fallacies is accompanied by a discussion of whatever controversy envelops it. You may find yourself agreeing with a lot of the facts and fallacies, yet emotionally disturbed by a few of them! Whether you agree or disagree, you will learn why the author has been called "the premier curmudgeon of software practice." These facts and fallacies are fundamental to the software building field-forget or neglect them at your peril!

    Following a cookbook-style Problem/Solution/Discussion format, this practical handbook builds on the foundational concepts of the Go language and introduces specific strategies you can use in your day-to-day applications. You'll learn techniques for building web services, using Go in the cloud, testing and debugging, routing, network applications, and much more.

    This groundbreaking new book sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. Through automation of the build, deployment, and testing process, and improved collaboration between developers, testers, and operations, delivery teams can get changes released in a matter of hours-- sometimes even minutes-no matter what the size of a project or the complexity of its code base. Jez Humble and David Farley begin by presenting the foundations of a rapid, reliable, low-risk delivery process. Next, they introduce the "deployment pipeline," an automated process for managing all changes, from check-in to release. Finally, they discuss the "ecosystem" needed to support continuous delivery, from infrastructure, data and configuration management to governance. The authors introduce state-of-the-art techniques, including automated infrastructure management and data migration, and the use of virtualization. For each, they review key issues, identify best practices, and demonstrate how to mitigate risks. Coverage includes - Automating all facets of building, integrating, testing, and deploying software - Implementing deployment pipelines at team and organizational levels - Improving collaboration between developers, testers, and operations - Developing features incrementally on large and distributed teams - Implementing an effective configuration management strategy - Automating acceptance testing, from analysis to implementation - Testing capacity and other non-functional requirements - Implementing continuous deployment and zero-downtime releases - Managing infrastructure, data, components and dependencies - Navigating risk management, compliance, and auditing Whether you're a developer, systems administrator, tester, or manager, this book will help your organization move from idea to release faster than ever--so you can deliver value to your business rapidly and reliably.

    Learn how to leverage the Django web framework to its full potential in this advanced tutorial and reference. Endorsed by Django, Pro Django more or less picks up where The Definitive Guide to Django left off and examines in greater detail the unusual and complex problems that Python web application developers can face and how to solve them.Provides in-depth information about advanced tools and techniques available in every Django installation Runs the gamut from the theory of Django's internal operations to actual code that solves real-world problems for high-volume environments Goes above and beyond other books, leaving the basics behind Shows how Django can do things even its core developers never dreamed possible

    This book draws on material Michael created for his renowned Object Mentor seminars, techniques Michael has used in mentoring to help hundreds of developers, technical managers, and testers bring their legacy systems under control. The topics covered include: Understanding the mechanics of software change, adding features, fixing bugs, improving design, optimizing performance Getting legacy code into a test harness Writing tests that protect you against introducing new problems Techniques that can be used with any language or platform, with examples in Java, C++, C, and C# Accurately identifying where code changes need to be made Coping with legacy systems that aren't object-oriented Handling applications that don't seem to have any structureThis book also includes a catalog of twenty-four dependency-breaking techniques that help you work with program elements in isolation and make safer changes.