You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

    Pursuing that vision, C#'s designers succeeded in creating a safe, simple, component-based, high-performance language that works effectively with Microsoft's .NET Framework. Now the favored language among those programming for the Microsoft platform, C# continues to grow in popularity as more developers discover its strength and flexibility. And, from the start, C# developers have relied on Programming C# both as an introduction to the language and a means of further building their skills. The fourth edition of Programming C#--the top-selling C# book on the market--has been updated to the C# ISO standard as well as changes to Microsoft's implementation of the language. It also provides notes and warnings on C# 1.1 and C# 2.0. Aimed at experienced programmers and web developers, Programming C#, 4th Edition, doesn't waste too much time on the basics. Rather, it focuses on the features and programming patterns unique to the C# language. New C# 2005 features covered in-depth include:Visual Studio 2005GenericsCollection interfaces and iteratorsAnonymous methodsNew ADO.NET data controlsFundamentals of Object-Oriented ProgrammingAuthor Jesse Liberty, an acclaimed web programming expert and entrepreneur, teaches C# in a way that experienced programmers will appreciate by grounding its applications firmly in the context of Microsoft's .NET platform and the development of desktop and Internet applications. Liberty also incorporates reader suggestions from previous editions to help create the most consumer-friendly guide possible.

    With the many upgraded features, C# is more expressive than ever. However, an in depth understanding is required to get the most out of the language.C# in Depth, Second Edition is a thoroughly revised, up-to-date book that covers the new features of C# 4 as well as Code Contracts. In it, you'll see the subtleties of C# programming in action, learning how to work with high-value features that you'll be glad to have in your toolkit. The book helps readers avoid hidden pitfalls of C# programming by understanding "behind the scenes" issues.Purchase of the print book comes with an offer of a free PDF, ePub, and Kindle eBook from Manning. Also available is all code from the book.

    Beginners and intermediate developers will appreciate the comprehensive tutorial that walks step-by-step through building a real client/server database, from concept to deployment and beyond -- and points out key pitfalls to avoid throughout the process. Experienced users will appreciate the book's comprehensive coverage of the Transact-SQL language, from basic to advanced level; detailed ODBC database access information; expert coverage of concurrency control, and more. The book includes thorough, up-to-the-minute guidance on building multi-tier applications; SQL Server performance tuning; and other crucial issues for advanced developers. For all database developers, system administrators, and Web application developers who interact with databases in Microsoft-centric environments.

    In eight chapters, it provides the most thorough coverage of TCP available. It also covers the newest TCP/IP features, including multicasting, path MTU discovery and long fat pipes. The author describes various protocols, including ARP, ICMP and UDP. He utilizes network diagnostic tools to actually show the protocols in action. He also explains how to avoid silly window syndrome (SWS) by using numerous helpful diagrams. This book gives you a broader understanding of concepts like connection establishment, timeout, retransmission and fragmentation. It is ideal for anyone wanting to gain a greater understanding of how the TCP/IP protocols work.

    If you're an experienced developer looking to solve problems related to objects, functions, inheritance, and other language-specific categories, the abstractions and code templates in this guide are ideal -- whether you're writing a client-side, server-side, or desktop application with JavaScript.Written by JavaScript expert Stoyan Stefanov -- Senior Yahoo! Technical and architect of YSlow 2.0, the web page performance optimization tool -- JavaScript Patterns includes practical advice for implementing each pattern discussed, along with several hands-on examples. You'll also learn about anti-patterns: common programming approaches that cause more problems than they solve.Explore useful habits for writing high-quality JavaScript code, such as avoiding globals, using single var declarations, and moreLearn why literal notation patterns are simpler alternatives to constructor functionsDiscover different ways to define a function in JavaScriptCreate objects that go beyond the basic patterns of using object literals and constructor functionsLearn the options available for code reuse and inheritance in JavaScriptStudy sample JavaScript approaches to common design patterns such as Singleton, Factory, Decorator, and moreExamine patterns that apply specifically to the client-side browser environment

    It is the definitive reference guide, now in a second edition. Although the first edition was written in 1978, it continues to be a worldwide best-seller. This second edition brings the classic original up to date to include the ANSI standard. From the Preface: We have tried to retain the brevity of the first edition. C is not a big language, and it is not well served by a big book. We have improved the exposition of critical features, such as pointers, that are central to C programming. We have refined the original examples, and have added new examples in several chapters. For instance, the treatment of complicated declarations is augmented by programs that convert declarations into words and vice versa. As before, all examples have been tested directly from the text, which is in machine-readable form. As we said in the first preface to the first edition, C "wears well as one's experience with it grows." With a decade more experience, we still feel that way. We hope that this book will help you to learn C and use it well.

    It covers topics ranging from personal responsibility and career development to architectural techniques for keeping your code flexible and easy to adapt and reuse. Read this book, and you'll learn how toFight software rot; Avoid the trap of duplicating knowledge; Write flexible, dynamic, and adaptable code; Avoid programming by coincidence; Bullet-proof your code with contracts, assertions, and exceptions; Capture real requirements; Test ruthlessly and effectively; Delight your users; Build teams of pragmatic programmers; and Make your developments more precise with automation. Written as a series of self-contained sections and filled with entertaining anecdotes, thoughtful examples, and interesting analogies, The Pragmatic Programmer illustrates the best practices and major pitfalls of many different aspects of software development. Whether you're a new coder, an experienced programmer, or a manager responsible for software projects, use these lessons daily, and you'll quickly see improvements in personal productivity, accuracy, and job satisfaction. You'll learn skills and develop habits and attitudes that form the foundation for long-term success in your career. You'll become a Pragmatic Programmer.

    For years, Joel Spolsky has done exactly this at www.joelonsoftware.com. Now, for the first time, you can own a collection of the most important essays from his site in one book, with exclusive commentary and new insights from joel.

    Due to their monopoly position in web browsers, and the fact web browsers have spread from PCs to phones, tablets and TVs; their status will continue to grow and grow. Despite their success, many software engineers are apprehensive about JavaScript and HTML. This apprehensiveness is not completely unfounded; both JavaScript and HTML were rushed in their early years, and driven by commercial rather than engineering interests. As a result, many dubious features crept into these languages. Due to backwards compatibility concerns, most of these features still remain. In addition, many software engineers have used these languages without ever learning them. JavaScript and HTML have low barriers to entry, and this, along with their similarity to other languages, led many software engineers to conclude that there really was nothing much to learn. If you have not used JavaScript and HTML for a number of years, or if you are a programmer or software engineer using other languages, you may be surprised at what they now offer. Browser based web applications are now capable of matching or exceeding the sophistication and scale of traditional desktop applications. In order to create complex web applications however, it is essential to learn these languages. This book takes the point of view that once you have a strong grasp of the fundamentals, the details will take care of themselves. It will not present you with long lists of APIs, or intricate details of every attribute, these can be found in reference manuals. It will focus on the details of each language that are fundamental to understanding how they work. This book will guide you through the process of developing a web application using HTML5, Javascript, jQuery and CSS. It contains the following content: 1. An introduction to the HTML5 markup language, and how it differs from HTML4 and XHTML. 2. An introduction to JavaScript, including an in-depth look at its use of objects and functions, along with the design patterns that support the development of robust web applications. 3. An introduction to jQuery selection, traversal, manipulation and events. 4. An in-depth look at the Web storage and IndexedDB APIs for client side data storage. 5. A guide to implementing offline web applications with the Application Cache API. 6. An introduction to the ways JavaScript can interact with the users file-system using the FileReader API. 7. The use of Web Workers in a web application to execute algorithms on background threads. 8. An introduction to AJAX, and the jQuery API supporting AJAX. 9. An introduction to Server Sent Events and Web Sockets. All subjects are introduced in the context of a sample web application. This book is intended for anyone with at least a superficial knowledge of HTML and programming.

    So, why does conventional wisdom insist that software engineers focus primarily on the design and development of large-scale computing systems?In this collection of essays and articles, key members of Google's Site Reliability Team explain how and why their commitment to the entire lifecycle has enabled the company to successfully build, deploy, monitor, and maintain some of the largest software systems in the world. You'll learn the principles and practices that enable Google engineers to make systems more scalable, reliable, and efficient--lessons directly applicable to your organization.This book is divided into four sections: Introduction--Learn what site reliability engineering is and why it differs from conventional IT industry practicesPrinciples--Examine the patterns, behaviors, and areas of concern that influence the work of a site reliability engineer (SRE)Practices--Understand the theory and practice of an SRE's day-to-day work: building and operating large distributed computing systemsManagement--Explore Google's best practices for training, communication, and meetings that your organization can use

    . . . Put this one on your must-have list if you have software, love software, hate programmers, or even ARE a programmer, because Mr. Platt (who teaches programming) has set out to puncture the bloated egos of all those who think that just because they can write a program, they can make it easy to use. . . . This book is funny, but it is also an important wake-up call for software companies that want to reduce the size of their customer support bills. If you were ever stuck for an answer to the question, 'Why do good programmers make such awful software?' this book holds the answer."--John McCormick, Locksmith columnist, TechRepublic.com "I must say first, I don't get many computing manuscripts that make me laugh out loud. Between the laughs, Dave Platt delivers some very interesting insight and perspective, all in a lucid and engaging style. I don't get much of that either!"--Henry Leitner, assistant dean for information technology andsenior lecturer on computer science, Harvard University "A riotous book for all of us downtrodden computer users, written in language that we understand."--Stacy Baratelli, author's barber "David's unique take on the problems that bedevil software creation made me think about the process in new ways. If you care about the quality of the software you create or use, read this book."--Dave Chappell, principal, Chappell & Associates "I began to read it in my office but stopped before I reached the bottom of the first page. I couldn't keep a grin off my face! I'll enjoy it after I go back home and find a safe place to read."--Tsukasa Makino, IT manager "David explains, in terms that my mother-in-law can understand, why the software we use today can be so frustrating, even dangerous at times, and gives us some real ideas on what we can do about it."--Jim Brosseau, Clarrus Consulting Group, Inc. A Book for Anyone Who Uses a Computer Today...and Just Wants to Scream! Today's software sucks. There's no other good way to say it. It's unsafe, allowing criminal programs to creep through the Internet wires into our very bedrooms. It's unreliable, crashing when we need it most, wiping out hours or days of work with no way to get it back. And it's hard to use, requiring large amounts of head-banging to figure out the simplest operations.It's no secret that software sucks. You know that from personal experience, whether you use computers for work or personal tasks. In this book, programming insider David Platt explains why that's the case and, more importantly, why it doesn't have to be that way. And he explains it in plain, jargon-free English that's a joy to read, using real-world examples with which you're already familiar. In the end, he suggests what you, as a typical user, without a technical background, can do about this sad state of our software--how you, as an informed consumer, don't have to take the abuse that bad software dishes out.As you might expect from the book's title, Dave's expose is laced with humor--sometimes outrageous, but always dead on. You'll laugh out loud as you recall incidents with your own software that made you cry. You'll slap your thigh with the same hand that so often pounded your computer desk and wished it was a bad programmer's face. But Dave hasn't written this book just for laughs. He's written it to give long-overdue voice to your own discovery--that software does, indeed, suck, but it shouldn't.

    The Web is awash in Ruby code that is now virtually impossible to change or extend. This text helps you solve that problem by using powerful real-world object-oriented design techniques, which it thoroughly explains using simple and practical Ruby examples. Sandi Metz has distilled a lifetime of conversations and presentations about object-oriented design into a set of Ruby-focused practices for crafting manageable, extensible, and pleasing code. She shows you how to build new applications that can survive success and repair existing applications that have become impossible to change. Each technique is illustrated with extended examples, all downloadable from the companion Web site, poodr.info. The first title to focus squarely on object-oriented Ruby application design, Practical Object-Oriented Design in Ruby will guide you to superior outcomes, whatever your previous Ruby experience. Novice Ruby programmers will find specific rules to live by; intermediate Ruby programmers will find valuable principles they can flexibly interpret and apply; and advanced Ruby programmers will find a common language they can use to lead development and guide their colleagues. This guide will help you Understand how object-oriented programming can help you craft Ruby code that is easier to maintain and upgrade Decide what belongs in a single Ruby class Avoid entangling objects that should be kept separate Define flexible interfaces among objects Reduce programming overhead costs with duck typing Successfully apply inheritance Build objects via composition Design cost-effective tests Solve common problems associated with poorly designed Ruby code

    Identity Theft. Corporate Espionage. National secrets compromised. Can anyone promise security in our digital world?The man who introduced cryptography to the boardroom says no. But in this fascinating read, he shows us how to come closer by developing security measures in terms of context, tools, and strategy. Security is a process, not a product – one that system administrators and corporate executives alike must understand to survive.This edition updated with new information about post-9/11 security.

    This guide is suitable for developers building various kinds of application - including Microsoft[registered] ASP.NET, Windows[registered] Forms, Microsoft[registered] SQL Server[registered], Web services, and console applications.