The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger," Dafydd developed the popular Burp Suite of web application hack tools.

    Today, Rails developers and architects need better ways to interface with legacy systems, move into the cloud, and scale to handle higher volumes and greater complexity. In Service-Oriented Design with Ruby and Rails Paul Dix introduces a powerful, services-based design approach geared toward overcoming all these challenges. Using Dix's techniques, readers can leverage the full benefits of both Ruby and Rails, while overcoming the difficulties of working with larger codebases and teams. Dix demonstrates how to integrate multiple components within an enterprise application stack; create services that can easily grow and connect; and design systems that are easier to maintain and upgrade. Key concepts are explained with detailed Ruby code built using open source libraries such as ActiveRecord, Sinatra, Nokogiri, and Typhoeus. The book concludes with coverage of security, scaling, messaging, and interfacing with third-party services. Service-Oriented Design with Ruby and Rails will help you Build highly scalable, Ruby-based service architectures that operate smoothly in the cloud or with legacy systems Scale Rails systems to handle more requests, larger development teams, and more complex code bases Master new best practices for designing and creating services in Ruby Use Ruby to glue together services written in any language Use Ruby libraries to build and consume RESTful Web services Use Ruby JSON parsers to quickly represent resources from HTTP services Write lightweight, well-designed API wrappers around internal or external services Discover powerful non-Rails frameworks that simplify Ruby service implementation Implement standards-based enterprise messaging with Advanced Message Queuing Protocol (AMQP) Optimize performance with load balancing and caching Provide for security and authentication

    Now, Core JavaServer™ Faces–the #1 guide to JSF–has been thoroughly updated in this second edition, covering the latest feature enhancements, the powerful Ajax development techniques, and open source innovations that make JSF even more valuable. Authors David Geary and Cay Horstmann delve into all facets of JSF 1.2 development, offering systematic best practices for building robust applications, minimizing handcoding, and maximizing productivity. Drawing on unsurpassed insider knowledge of the Java platform, they present solutions, hints, tips, and “how-tos” for writing superior JSF 1.2 production code, even if you’re new to JSF, JavaServer Pages™, or servlets.The second edition’s extensive new coverage includes: JSF 1.2’s improved alignment with the broader Java EE 5 platform; enhancements to the JSF APIs; controlling Web flow with Shale; and using Facelets to replace JSP with XHTML markup. The authors also introduce Ajax development with JSF–from real-time validation and Direct Web Remoting to wrapping Ajax in JSF components and using the popular Ajax4jsf framework.This book will help you Automate low-level details and eliminate unnecessary complexity in server-side development Discover JSF best practices, ranging from effective UI design and style sheets to internationalization Use JSF with Tiles to build consistent, reusable user interfaces Leverage external services such as databases, LDAP directories, authentication/authorization, and Webservices Use JBoss Seam to greatly simplify development of database-backed applications Implement custom components, converters, and validators Master the JSF 1.2 tag libararies, and extend JSF with additional tag libraries Preface Acknowledgments Chapter 1: Getting Started Chapter 2: Managed Beans Chapter 3: Navigation Chapter 4: Standard JSF Tags Chapter 5: Data Tables Chapter 6: Conversion and Validation Chapter 7: Event Handling Chapter 8: Subviews and Tiles Chapter 9: Custom Components, Converters, and Validators Chapter 10: External Services Chapter 11: Ajax Chapter 12: Open Source Chapter 13: How Do I . . . Index

    Did you design your system to survivef a sudden rush of visitors from Digg or Slashdot? Or an influx of real world customers from 100 different countries? Are you ready for a world filled with flakey networks, tangled databases, and impatient users?If you're a developer and don't want to be on call for 3AM for the rest of your life, this book will help.In Release It!, Michael T. Nygard shows you how to design and architect your application for the harsh realities it will face. You'll learn how to design your application for maximum uptime, performance, and return on investment.Mike explains that many problems with systems today start with the design.

    This book builds on the contributions and strengths of seminal technologies like Spring, Hibernate, and TopLink.EJB 3 is the most important innovation introduced in Java EE 5.0. EJB 3 simplifies enterprise development, abandoning the complex EJB 2.x model in favor of a lightweight POJO framework. The new API represents a fresh perspective on EJB without sacrificing the mission of enabling business application developers to create robust, scalable, standards-based solutions.EJB 3 in Action is a fast-paced tutorial, geared toward helping you learn EJB 3 and the Java Persistence API quickly and easily. For newcomers to EJB, this book provides a solid foundation in EJB. For the developer moving to EJB 3 from EJB 2, this book addresses the changes both in the EJB API and in the way the developer should approach EJB and persistence.

    Multicore machines and 64-bit operating systems are now standard even for casual users, and Java itself has introduced new features to manage applications. The base JVM has kept pace with those developments and offers a very different performance profile in its current versions. By guiding you through this changing landscape, Java Performance: The Definitive Guide helps you gain the best performance from your Java applications.You’ll explore JVM features that traditionally affected performance—including the just-in-time compiler, garbage collection, and language features—before diving in to aspects of Java 7 and 8 designed for maximum performance in today's applications. You’ll learn features such as the G1 garbage collector to maximize your application’s throughput without causing it to pause, and the Java Flight Recorder, which enables you to see application performance details without the need for separate, specialized profiling tools.Whether you’re new to Java and need to understand the basics of tuning the JVM, or a seasoned developer looking to eek out that last 10% of application performance, this is the book you want.

    Design patterns are time-tested solutions to recurring problems, letting the designer build programs on solutions that have already proved effective Provides developers with more than a dozen ASP.NET examples showing standard design patterns and how using them helpsbuild a richer understanding of ASP.NET architecture, as well as better ASP.NET applications Builds a solid understanding of ASP.NET architecture that can be used over and over again in many projects Covers ASP.NET code to implement many standard patterns including Model-View-Controller (MVC), ETL, Master-Master Snapshot, Master-Slave-Snapshot, Facade, Singleton, Factory, Single Access Point, Roles, Limited View, observer, page controller, common communication patterns, and more

    This cookbook includes more than 100 recipes to help you take advantage of REST, HTTP, and the infrastructure of the Web. You'll learn ways to design RESTful web services for client and server applications that meet performance, scalability, reliability, and security goals, no matter what programming language and development framework you use.Each recipe includes one or two problem statements, with easy-to-follow, step-by-step instructions for solving them, as well as examples using HTTP requests and responses, and XML, JSON, and Atom snippets. You'll also get implementation guidelines, and a discussion of the pros, cons, and trade-offs that come with each solution.Learn how to design resources to meet various application scenariosSuccessfully design representations and URIsImplement the hypertext constraint using links and link headersUnderstand when and how to use Atom and AtomPubKnow what and what not to do to support cachingLearn how to implement concurrency controlDeal with advanced use cases involving copying, merging, transactions, batch processing, and partial updatesSecure web services and support OAuth

    The principal enhancement in Java 8 was the addition of functional programming constructs to Java's object-oriented roots. Java 7, 8, and 9 also introduced language features, such as the try-with-resources statement, the diamond operator for generic types, default and static methods in interfaces, the @SafeVarargs annotation, and modules. New library features include pervasive use of functional interfaces and streams, the java.time package for manipulating dates and times, and numerous minor enhancements such as convenience factory methods for collections. In this new edition of Effective Java, Bloch updates the work to take advantage of these new language and library features, and provides specific best practices for their use. Java's increased support for multiple paradigms increases the need for best-practices advice, and this book delivers. As in previous editions, each chapter consists of several "items," each presented in the form of a short, standalone essay that provides specific advice, insight into Java platform subtleties, and updated code examples. The comprehensive descriptions and explanations for each item illuminate what to do, what not to do, and why. Coverage includes:Updated techniques and best practices on classic topics, including objects, classes, methods, libraries, and generics How to avoid the traps and pitfalls of commonly misunderstood subtleties of the platform Focus on the language and its most fundamental libraries, such as java.lang and java.util

    Expanded and updated for .NET 3.5, this new edition focuses on the design issues that directly affect the programmability of a class library, specifically its publicly accessible APIs. This book can improve the work of any .NET developer producing code that other developers will use. It includes copious annotations to the guidelines by thirty-five prominent architects and practitioners of the .NET Framework, providing a lively discussion of the reasons for the guidelines as well as examples of when to break those guidelines. Microsoft architects Krzysztof Cwalina and Brad Abrams teach framework design from the top down. From their significant combined experience and deep insight, you will learnThe general philosophy and fundamental principles of framework design Naming guidelines for the various parts of a framework Guidelines for the design and extending of types and members of types Issues affecting-and guidelines for ensuring-extensibility How (and how "not") to design exceptions Guidelines for-and examples of-common framework design patternsGuidelines in this book are presented in four major forms: Do, Consider, Avoid, and Do not. These directives help focus attention on practices that should "always" be used, those that should "generally" be used, those that should "rarely" be used, and those that should "never" be used. Every guideline includes a discussion of its applicability, and most include a code example to help illuminate the dialogue. "Framework Design Guidelines, Second Edition, " is the only definitive source of best practices for managed code API development, direct from the architects themselves. A companion DVD includes the Designing .NET Class Libraries video series, instructional presentations by the authors on design guidelines for developing classes and components that extend the .NET Framework. A sample API specification and other useful resources and tools are also included.

    We start off easy, defining some of the tech lingo you may have heard before, but didn’t fully understand. From there, each lesson introduces something new, slowly building up to the point where you are confident about what an API is and, for the brave, could actually take a stab at using one.

    This book draws on material Michael created for his renowned Object Mentor seminars, techniques Michael has used in mentoring to help hundreds of developers, technical managers, and testers bring their legacy systems under control. The topics covered include: Understanding the mechanics of software change, adding features, fixing bugs, improving design, optimizing performance Getting legacy code into a test harness Writing tests that protect you against introducing new problems Techniques that can be used with any language or platform, with examples in Java, C++, C, and C# Accurately identifying where code changes need to be made Coping with legacy systems that aren't object-oriented Handling applications that don't seem to have any structureThis book also includes a catalog of twenty-four dependency-breaking techniques that help you work with program elements in isolation and make safer changes.

     Rails(TM) AntiPatterns identifies these widespread Rails code and design problems, explains why they're bad and why they happen--and shows exactly what to do instead.The book is organized into concise, modular chapters--each outlines a single common AntiPattern and offers detailed, cookbook-style code solutions that were previously difficult or impossible to find. Leading Rails developers Chad Pytel and Tammer Saleh also offer specific guidance for refactoring existing bad code or design to reflect sound object-oriented principles and established Rails best practices. With their help, developers, architects, and testers can dramatically improve new and existing applications, avoid future problems, and establish superior Rails coding standards throughout their organizations.This book will help you understand, avoid, and solve problems withModel layer code, from general object-oriented programming violations to complex SQL and excessive redundancy Domain modeling, including schema and database issues such as normalization and serialization View layer tools and conventions Controller-layer code, including RESTful code Service-related APIs, including timeouts, exceptions, backgrounding, and response codes Third-party code, including plug-ins and gems Testing, from test suites to test-driven development processes Scaling and deployment Database issues, including migrations and validations System design for "graceful degradation" in the real world

    Python is considered easy to learn, but there's no quicker way to mastery of the language than learning from an expert teacher. This edition of "Learning Python" puts you in the hands of two expert teachers, Mark Lutz and David Ascher, whose friendly, well-structured prose has guided many a programmer to proficiency with the language. "Learning Python," Second Edition, offers programmers a comprehensive learning tool for Python and object-oriented programming. Thoroughly updated for the numerous language and class presentation changes that have taken place since the release of the first edition in 1999, this guide introduces the basic elements of the latest release of Python 2.3 and covers new features, such as list comprehensions, nested scopes, and iterators/generators. Beyond language features, this edition of "Learning Python" also includes new context for less-experienced programmers, including fresh overviews of object-oriented programming and dynamic typing, new discussions of program launch and configuration options, new coverage of documentation sources, and more. There are also new use cases throughout to make the application of language features more concrete. The first part of "Learning Python" gives programmers all the information they'll need to understand and construct programs in the Python language, including types, operators, statements, classes, functions, modules and exceptions. The authors then present more advanced material, showing how Python performs common tasks by offering real applications and the libraries available for those applications. Each chapter ends with a series of exercises that will test your Python skills and measure your understanding."Learning Python," Second Edition is a self-paced book that allows readers to focus on the core Python language in depth. As you work through the book, you'll gain a deep and complete understanding of the Python language that will help you to understand the larger application-level examples that you'll encounter on your own. If you're interested in learning Python--and want to do so quickly and efficiently--then "Learning Python," Second Edition is your best choice.

    This groundbreaking new book sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. Through automation of the build, deployment, and testing process, and improved collaboration between developers, testers, and operations, delivery teams can get changes released in a matter of hours-- sometimes even minutes-no matter what the size of a project or the complexity of its code base. Jez Humble and David Farley begin by presenting the foundations of a rapid, reliable, low-risk delivery process. Next, they introduce the "deployment pipeline," an automated process for managing all changes, from check-in to release. Finally, they discuss the "ecosystem" needed to support continuous delivery, from infrastructure, data and configuration management to governance. The authors introduce state-of-the-art techniques, including automated infrastructure management and data migration, and the use of virtualization. For each, they review key issues, identify best practices, and demonstrate how to mitigate risks. Coverage includes - Automating all facets of building, integrating, testing, and deploying software - Implementing deployment pipelines at team and organizational levels - Improving collaboration between developers, testers, and operations - Developing features incrementally on large and distributed teams - Implementing an effective configuration management strategy - Automating acceptance testing, from analysis to implementation - Testing capacity and other non-functional requirements - Implementing continuous deployment and zero-downtime releases - Managing infrastructure, data, components and dependencies - Navigating risk management, compliance, and auditing Whether you're a developer, systems administrator, tester, or manager, this book will help your organization move from idea to release faster than ever--so you can deliver value to your business rapidly and reliably.