You'll learn how to confidently and securely build and deploy OAuth on both the client and server sides. Foreword by Ian Glazer.Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.About the TechnologyThink of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol that allows users of a service to enable applications to use that service on their behalf without handing over full control. And OAuth is used everywhere, from Facebook and Google, to startups and cloud services.About the BookOAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You'll begin with an overview of OAuth and its components and interactions. Next, you'll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you'll dig into tokens, dynamic client registration, and more advanced topics. By the end, you'll be able to confidently and securely build and deploy OAuth on both the client and server sides.What's InsideCovers OAuth 2 protocol and designAuthorization with OAuth 2OpenID Connect and User-Managed AccessImplementation risksJOSE, introspection, revocation, and registrationProtecting and accessing REST APIsAbout the ReaderReaders need basic programming skills and knowledge of HTTP and JSON.About the AuthorJustin Richer is a systems architect and software engineer. Antonio Sanso is a security software engineer and a security researcher. Both authors contribute to open standards and open source.Table of ContentsPart 1 - First stepsWhat is OAuth 2.0 and why should you care?The OAuth dance Part 2 - Building an OAuth 2 environmentBuilding a simple OAuth clientBuilding a simple OAuth protected resourceBuilding a simple OAuth authorization serverOAuth 2.0 in the real world Part 3 - OAuth 2 implementation and vulnerabilitiesCommon client vulnerabilitiesCommon protected resources vulnerabilitiesCommon authorization server vulnerabilitiesCommon OAuth token vulnerabilities Part 4 - Taking OAuth furtherOAuth tokensDynamic client registrationUser authentication with OAuth 2.0Protocols and profiles using OAuth 2.0Beyond bearer tokensSummary and conclusions

    He needed a way to keep track of software development over time – whatever he was thinking about or working on. He researched subjects he found interesting, then documented his research with a public blog post, which he could easily find and refer to later. Over time, increasing numbers of blog visitors found the posts helpful, relevant and interesting. Now, approximately 100,000 readers visit the blog per day and nearly as many comment and interact on the site.Effective Programming: More Than Writing Code is your one-stop shop for all things programming. Jeff writes with humor and understanding, allowing for both seasoned programmers and newbies to appreciate the depth of his research. From such posts as“The Programmer’s Bill of Rights” and “Why Cant Programmers... Program?” to “Working With the Chaos Monkey,” this book introduces the importance of writing responsible code, the logistics involved, and how people should view it more as a lifestyle than a career.

    Even experienced JavaScripters sometimes find themselves overwhelmed as complex apps grow into a tangled web of callbacks.With Async JavaScript, you'll learn about:Event schedulingThe PubSub patternPromises and Deferred objectsFlow control with Async.jsRecipes for common async scenariosMulti-threading with Web WorkersAltJS languagesand more, with examples tailored to jQuery and Node.js.

    Getting started with this JavaScript library is easy, but it can take years to fully realize its breadth and depth; this cookbook shortens the learning curve considerably. With these recipes, you'll learn patterns and practices from 19 leading developers who use jQuery for everything from integrating simple components into websites and applications to developing complex, high-performance user interfaces. Ideal for newcomers and JavaScript veterans alike, jQuery Cookbook starts with the basics and then moves to practical use cases with tested solutions to common web development hurdles. You also get recipes on advanced topics, such as methods for applying jQuery to large projects.Solve problems involving events, effects, dimensions, forms, themes, and user interface elementsLearn how to enhance your forms, and how to position and reposition elements on a pageMake the most of jQuery's event management system, including custom events and custom event dataCreate UI elements-such as tabs, accordions, and modals-from scratchOptimize your code to eliminate bottlenecks and ensure peak performanceLearn how to test your jQuery applicationsThe book's contributors include:Cody LindleyJames PadolseyRalph WhitbeckJonathan SharpMichael Geary and Scott GonzálezRebecca MurpheyRemy SharpAriel FleslerBrian CherneJörn ZaeffererMike HostetlerNathan SmithRichard D. WorthMaggie Wachs, Scott Jehl, Todd Parker, and Patty TolandRob Burns

    The concepts and techniques described are the actual ones used by real game studios like Electronic Arts and Naughty Dog. The examples are often grounded in specific technologies, but the discussion extends way beyond any particular engine or API. The references and citations make it a great jumping off point for those who wish to dig deeper into any particular aspect of the game development process.Intended as the text for a college level series in game programming, this book can also be used by amateur software engineers, hobbyists, self-taught game programmers, and existing members of the game industry. Junior game engineers can use it to solidify their understanding of game technology and engine architecture. Even senior engineers who specialize in one particular field of game development can benefit from the bigger picture presented in these pages.

    This book explains the technical aspects of hacking, including stack based overflows, heap based overflows, string exploits, return-into-libc, shellcode, and cryptographic attacks on 802.11b.

    You’ll quickly discover the many advantages of the language, including access to all the great tools and libraries of the .NET platform.Reap the benefits of functional programming for your next project, whether you’re writing concurrent code, or building data- or math-intensive applications. With this comprehensive book, former F# team member Chris Smith gives you a head start on the fundamentals and walks you through advanced concepts of the F# language.Learn F#’s unique characteristics for building applicationsGain a solid understanding of F#’s core syntax, including object-oriented and imperative stylesMake your object-oriented code better by applying functional programming patternsUse advanced functional techniques, such as tail-recursion and computation expressionsTake advantage of multi-core processors with asynchronous workflows and parallel programmingUse new type providers for interacting with web services and information-rich environmentsLearn how well F# works as a scripting language

    Because almost every aspect of an enterprise is now dependent on technology, the focus of IT security must shift from locking down assets to enabling the business while managing and surviving risk. This compact book discusses business risk from a broader perspective, including privacy and regulatory considerations. It describes the increasing number of threats and vulnerabilities, but also offers strategies for developing solutions. These include discussions of how enterprises can take advantage of new and emerging technologies—such as social media and the huge proliferation of Internet-enabled devices—while minimizing risk. With ApressOpen, content is freely available through multiple online distribution channels and electronic formats with the goal of disseminating professionally edited and technically reviewed content to the worldwide community. Here are some of the responses from reviewers of this exceptional work: “Managing Risk and Information Security is a perceptive, balanced, and often thought-provoking exploration of evolving information risk and security challenges within a business context.  Harkins clearly connects the needed, but often-overlooked linkage and dialog between the business and technical worlds and offers actionable strategies.   The book contains eye-opening security insights that are easily understood, even by the curious layman.” Fred Wettling, Bechtel Fellow, IS&T Ethics & Compliance Officer, Bechtel     “As disruptive technology innovations and escalating cyber threats continue to create enormous information security challenges, Managing Risk and Information Security: Protect to Enable provides a much-needed perspective. This book compels information security professionals to think differently about concepts of risk management in order to be more effective. The specific and practical guidance offers a fast-track formula for developing information security strategies which are lock-step with business priorities.” Laura Robinson, Principal, Robinson Insight Chair, Security for Business Innovation Council (SBIC) Program Director, Executive Security Action Forum (ESAF) “The mandate of the information security function is being completely rewritten. Unfortunately most heads of security haven’t picked up on the change, impeding their companies’ agility and ability to innovate. This book makes the case for why security needs to change, and shows how to get started. It will be regarded as marking the turning point in information security for years to come.” Dr. Jeremy Bergsman, Practice Manager, CEB     “The world we are responsible to protect is changing dramatically and at an accelerating pace. Technology is pervasive in virtually every aspect of our lives. Clouds, virtualization and mobile are redefining computing – and they are just the beginning of what is to come. Your security perimeter is defined by wherever your information and people happen to be.

    After a year of self-study, I learned to program well enough to land a job as a software engineer II at eBay. Once I got there, I realized I was severely under-prepared. I was overwhelmed by the amount of things I needed to know but hadn't learned yet. My journey learning to program, and my experience at my first job as a software engineer were the inspiration for this book. This book is not just about learning to program; although you will learn to code. If you want to program professionally, it is not enough to learn to code; that is why, in addition to helping you learn to program, I also cover the rest of the things you need to know to program professionally that classes and books don't teach you. "The Self-taught Programmer" is a roadmap, a guide to take you from writing your first Python program, to passing your first technical interview. I divided the book into five sections: 1. Start to program in Python 3 and build your first program.2. Learn Object-oriented programming and create a powerful Python program to get you hooked.3. Learn to use tools like Git, Bash, and regular expressions. Then use your new coding skills to build a web scraper.4. Study Computer Science fundamentals like data structures and algorithms.5. Finish with best coding practices, tips for working with a team, and advice on landing a programming job.You CAN learn to program professionally. The path is there. Will you take it?

    Based on Big Nerd Ranch's popular Android Bootcamp course, this guide will lead you through the wilderness using hands-on example apps combined with clear explanations of key concepts and APIs. This book focuses on practical techniques for developing apps compatible with all versions of Android widely used today (Android 2.2 - 4.2). Write and run code every step of the way - creating apps that catalog crime scenes, browse photos, track your jogging route, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development. Write and run code every step of the way -- creating apps that catalog crime scenes, browse photos, track your jogging route, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development."Big Nerd Ranch provided the training we needed to get hundreds of engineers building skillfully on Android. This book is a great distillation of that training and will be a huge help to anyone looking to ramp up as well." - Mike Shaver, Director of Mobile Engineering, Facebook"...a must-have for the developer just starting in Android or ready for more advanced techniques. I was impressed with this book's content and clarity of presentation. The authors explain simple and complex Android topics with equal ease." - James Steele, author of The Android Developer's Cookbook

    In contrast, most software developers only ever get to know a handful of large programs well—usually programs they wrote themselves—and never study the great programs of history. As a result, they repeat one another's mistakes rather than building on one another's successes.This book's goal is to change that. In it, the authors of twenty-five open source applications explain how their software is structured, and why. What are each program's major components? How do they interact? And what did their builders learn during their development? In answering these questions, the contributors to this book provide unique insights into how they think.If you are a junior developer, and want to learn how your more experienced colleagues think, this book is the place to start. If you are an intermediate or senior developer, and want to see how your peers have solved hard design problems, this book can help you too.

    But the state-of-the-art has moved forward dramatically since Meyers last updated this book in 1997. (For instance, there s now STL. Design patterns. Even new functionality being added through TR1 and Boost.) So Meyers has done a top-to-bottom rewrite, identifying the 55 most valuable techniques you need now to be exceptionally effective with C++. Over half of this edition s content is new. Templates broadly impact C++ development, and you ll find them everywhere. There s extensive coverage of multithreaded systems. There s an entirely new chapter on resource management. You ll find substantial new coverage of exceptions. Much is gained, but nothing s lost: You ll find the same depth of practical insight that first made Effective C++ a classic all those years ago. Bill Camarda, from the July 2005 href="http://www.barnesandnoble.com/newslet... Only

    The Hacker Playbook provides them their own game plans. Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the “game” of penetration hacking features hands-on examples and helpful advice from the top of the field.Through a series of football-style “plays,” this straightforward guide gets to the root of many of the roadblocks people may face while penetration testing—including attacking different types of networks, pivoting through security controls, privilege escalation, and evading antivirus software.From “Pregame” research to “The Drive” and “The Lateral Pass,” the practical plays listed can be read in order or referenced as needed. Either way, the valuable advice within will put you in the mindset of a penetration tester of a Fortune 500 company, regardless of your career or level of experience.This second version of The Hacker Playbook takes all the best "plays" from the original book and incorporates the latest attacks, tools, and lessons learned. Double the content compared to its predecessor, this guide further outlines building a lab, walks through test cases for attacks, and provides more customized code.Whether you’re downing energy drinks while desperately looking for an exploit, or preparing for an exciting new job in IT security, this guide is an essential part of any ethical hacker’s library—so there’s no reason not to get in the game.

    They are now standard features in a wide range of languages and popular tools, including Perl, Python, Ruby, Java, VB.NET and C# (and any language using the .NET Framework), PHP, and MySQL.If you don't use regular expressions yet, you will discover in this book a whole new world of mastery over your data. If you already use them, you'll appreciate this book's unprecedented detail and breadth of coverage. If you think you know all you need to know about regularexpressions, this book is a stunning eye-opener.As this book shows, a command of regular expressions is an invaluable skill. Regular expressions allow you to code complex and subtle text processing that you never imagined could be automated. Regular expressions can save you time and aggravation. They can be used to craft elegant solutions to a wide range of problems. Once you've mastered regular expressions, they'll become an invaluable part of your toolkit. You will wonder how you ever got by without them.Yet despite their wide availability, flexibility, and unparalleled power, regular expressions are frequently underutilized. Yet what is power in the hands of an expert can be fraught with peril for the unwary. Mastering Regular Expressions will help you navigate the minefield to becoming an expert and help you optimize your use of regular expressions.Mastering Regular Expressions, Third Edition, now includes a full chapter devoted to PHP and its powerful and expressive suite of regular expression functions, in addition to enhanced PHP coverage in the central "core" chapters. Furthermore, this edition has been updated throughout to reflect advances in other languages, including expanded in-depth coverage of Sun's java.util.regex package, which has emerged as the standard Java regex implementation.Topics include:A comparison of features among different versions of many languages and toolsHow the regular expression engine worksOptimization (major savings available here!)Matching just what you want, but not what you don't wantSections and chapters on individual languagesWritten in the lucid, entertaining tone that makes a complex, dry topic become crystal-clear to programmers, and sprinkled with solutions to complex real-world problems, Mastering Regular Expressions, Third Edition offers a wealth information that you can put to immediateuse.Reviews of this new edition and the second edition: "There isn't a better (or more useful) book available on regular expressions."--Zak Greant, Managing Director, eZ Systems"A real tour-de-force of a book which not only covers the mechanics of regexes in extraordinary detail but also talks about efficiency and the use of regexes in Perl, Java, and .NET...If you use regular expressions as part of your professional work (even if you already have a good book on whatever language you're programming in) I would strongly recommend this book to you."--Dr. Chris Brown, Linux Format"The author does an outstanding job leading the reader from regexnovice to master. The book is extremely easy to read and chock full ofuseful and relevant examples...Regular expressions are valuable toolsthat every developer should have in their toolbox. Mastering RegularExpressions is the definitive guide to the subject, and an outstandingresource that belongs on every programmer's bookshelf. Ten out of TenHorseshoes."--Jason Menard, Java Ranch

    Difficult issues need to be figured out, such as scalability, consistency, reliability, efficiency, and maintainability. In addition, we have an overwhelming variety of tools, including relational databases, NoSQL datastores, stream or batch processors, and message brokers. What are the right choices for your application? How do you make sense of all these buzzwords?In this practical and comprehensive guide, author Martin Kleppmann helps you navigate this diverse landscape by examining the pros and cons of various technologies for processing and storing data. Software keeps changing, but the fundamental principles remain the same. With this book, software engineers and architects will learn how to apply those ideas in practice, and how to make full use of data in modern applications. Peer under the hood of the systems you already use, and learn how to use and operate them more effectively Make informed decisions by identifying the strengths and weaknesses of different tools Navigate the trade-offs around consistency, scalability, fault tolerance, and complexity Understand the distributed systems research upon which modern databases are built Peek behind the scenes of major online services, and learn from their architectures