You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

    It guides you step by step from simple tests to tests that are maintainable, readable, and trustworthy. It covers advanced subjects like mocks, stubs, and frameworks such as Typemock Isolator and Rhino Mocks. And you'll learn about advanced test patterns and organization, working with legacy code and even untestable code. The book discusses tools you need when testing databases and other technologies. It's written for .NET developers but others will also benefit from this book.Purchase of the print book comes with an offer of a free PDF, ePub, and Kindle eBook from Manning. Also available is all code from the book.Table of ContentsThe basics of unit testingA first unit testUsing stubs to break dependenciesInteraction testing using mock objectsIsolation (mock object) frameworksTest hierarchies and organizationThe pillars of good testsIntegrating unit testing into the organizationWorking with legacy code

    Crammed with information about host security, it saved many a UNIX system administrator and user from disaster.This second edition is a complete rewrite of the original book. It's packed with twice the pages and offers even more practical information for UNIX users and administrators. It covers features of many types of UNIX systems, including SunOS, Solaris, BSDI, AIX, HP-UX, Digital UNIX, Linux, and others. The first edition was practical, entertaining, and full of useful scripts, tips, and warnings. This edition is all those things -- and more.If you are a UNIX system administrator or user in this security-conscious age, you need this book. It's a practical guide that spells out, in readable and entertaining language, the threats, the system vulnerabilities, and the countermeasures you can adopt to protect your UNIX system, network, and Internet connection. It's complete -- covering both host and network security -- and doesn't require that you be a programmer or a UNIX guru to use it.Practical UNIX & Internet Security describes the issues, approaches, and methods for implementing security measures. It covers UNIX basics, the details of security, the ways that intruders can get into your system, and the ways you can detect them, clean up after them, and even prosecute them if they do get in. Filled with practical scripts, tricks, and warnings, Practical UNIX & Internet Security tells you everything you need to know to make your UNIX system as secure as it possible can be.Contents include:Part I: Computer Security Basics. Introduction and security policies. Part II: User Responsibilities. Users and their passwords, groups, the superuser, the UNIX filesystem, and cryptography. Part III: System Administrator Responsibilities. Backups, defending accounts, integrity checking, log files, programmed threats, physical security, and personnel security. Part IV: Network and Internet Security: telephone security, UUCP, TCP/IP networks, TCP/IP services, WWW, RPC, NIS, NIS+, Kerberos, and NFS. Part V: Advanced Topics: firewalls, wrappers, proxies, and secure programming. Part VI: Handling Security Incidents: discovering a breakin, U.S. law, and trust. VII: Appendixes. UNIX system security checklist, important files, UNIX processes, paper and electronic sources, security organizations, and table of IP services.

    The author's take on the essence of Java as a new programming language and the thorough introduction to Java's features make this a worthwhile tutorial. Thinking in Java begins a little esoterically, with the author's reflections on why Java is new and better. (This book's choice of font for chapter headings is remarkably hard on the eyes.) The author outlines his thoughts on why Java will make you a better programmer, without all the complexity. The book is better when he presents actual language features. There's a tutorial to basic Java types, keywords, and operators. The guide includes extensive source code that is sometimes daunting (as with the author's sample code for all the Java operators in one listing.) As such, this text will be most useful for the experienced developer. The text then moves on to class design issues, when to use inheritance and composition, and related topics of information hiding and polymorphism. (The treatment of inner classes and scoping will likely seem a bit overdone for most readers.) The chapter on Java collection classes for both Java Developer's Kit (JDK) 1.1 and the new classes, such as sets, lists, and maps, are much better. There's material in this chapter that you are unlikely to find anywhere else. Chapters on exception handling and programming with type information are also worthwhile, as are the chapters on the new Swing interface classes and network programming. Although it adopts somewhat of a mixed-bag approach, Thinking in Java contains some excellent material for the object-oriented developer who wants to see what all the fuss is about with Java.

    These tools help programmers build compilers and interpreters, but they also have a wider range of applications.The second edition contains completely revised tutorial sections for novice users and reference sections for advanced users. This edition is twice the size of the first and has an expanded index.The following material has been added:Each utility is explained in a chapter that covers basic usage and simple, stand-alone applications How to implement a full SQL grammar, with full sample code Major MS-DOS and Unix versions of lex and yacc are explored in depth, including AT&T lex and yacc, Berkeley yacc, Berkeley/GNU Flex, GNU Bison, MKS lex and yacc, and Abraxas PCYACC

    You'll master the Unity toolset from the ground up, adding the skills you need to go from application coder to game developer. Based on Unity version 5.About the BookThis book helps readers build successful games with the Unity game development platform. You will use the powerful C# language, Unity's intuitive workflow tools, and a state-of-the-art rendering engine to build and deploy mobile, desktop, and console games. Unity's single codebase approach minimizes inefficient switching among development tools and concentrates your attention on making great interactive experiences.Unity in Action teaches you how to write and deploy games. You'll master the Unity toolset from the ground up, adding the skills you need to go from application coder to game developer. Each sample project illuminates specific Unity features and game development strategies. As you read and practice, you'll build up a well-rounded skill set for creating graphically driven 2D and 3D game applications.You'll need to know how to program, in C# or a similar OO language. No previous Unity experience or game development knowledge is assumed.

    If you're an experienced developer looking to solve problems related to objects, functions, inheritance, and other language-specific categories, the abstractions and code templates in this guide are ideal -- whether you're writing a client-side, server-side, or desktop application with JavaScript.Written by JavaScript expert Stoyan Stefanov -- Senior Yahoo! Technical and architect of YSlow 2.0, the web page performance optimization tool -- JavaScript Patterns includes practical advice for implementing each pattern discussed, along with several hands-on examples. You'll also learn about anti-patterns: common programming approaches that cause more problems than they solve.Explore useful habits for writing high-quality JavaScript code, such as avoiding globals, using single var declarations, and moreLearn why literal notation patterns are simpler alternatives to constructor functionsDiscover different ways to define a function in JavaScriptCreate objects that go beyond the basic patterns of using object literals and constructor functionsLearn the options available for code reuse and inheritance in JavaScriptStudy sample JavaScript approaches to common design patterns such as Singleton, Factory, Decorator, and moreExamine patterns that apply specifically to the client-side browser environment

    When Ruby first burst onto the scene in the Western world, the Pragmatic Programmers were there with the definitive reference manual, Programming Ruby: The Pragmatic Programmer's Guide.Now in its second edition, author Dave Thomas has expanded the famous Pickaxe book with over 200 pages of new content, covering all the improved language features of Ruby 1.8 and standard library modules. The Pickaxe contains four major sections:An acclaimed tutorial on using Ruby.The definitive reference to the language.Complete documentation on all built-in classes, modules, and methodsComplete descriptions of all 98 standard libraries.If you enjoyed the First Edition, you'll appreciate the expanded content, including enhanced coverage of installation, packaging, documenting Ruby source code, threading and synchronization, and enhancing Ruby's capabilities using C-language extensions. Programming for the World Wide Web is easy in Ruby, with new chapters on XML/RPC, SOAP, distributed Ruby, templating systems, and other web services. There's even a new chapter on unit testing.This is the definitive reference manual for Ruby, including a description of all the standard library modules, a complete reference to all built-in classes and modules (including more than 250 significant changes since the First Edition). Coverage of other features has grown tremendously, including details on how to harness the sophisticated capabilities of irb, so you can dynamically examine and experiment with your running code. Ruby is a wonderfully powerful and useful language, and whenever I'm working with it this book is at my side --Martin Fowler, Chief Scientist, ThoughtWorks

    You could spend years discovering solutions to them all, step by step as you encounter them. Or you can just look in here. All successful database applications are destined to eventually run into issues scaling up their performance. Peek into the future of your PostgreSQL database's problems today. Know the warning signs to look for, and how to avoid the most common issues before they even happen. Surprisingly, most PostgreSQL database applications evolve in the same way: Choose the right hardware. Tune the operating system and server memory use. Optimize queries against the database, with the right indexes. Monitor every layer, from hardware to queries, using some tools that are inside PostgreSQL and others that are external. Using monitoring insight, continuously rework the design and configuration. On reaching the limits of a single server, break things up; connection pooling, caching, partitioning, and replication can all help handle increasing database workloads. The path to a high performance database system isn't always easy. But it doesn't have to be mysterious with the right guide. This book is a clear, step-by-step guide to optimizing and scaling up PostgreSQL database servers. - Publisher.

    Hacking Exposed Linux provides the most up-to-date coverage available from a large team of topic-focused experts. The book is based on the latest security research and shows you, in full detail, how to lock out intruders and defend your Linux systems against catastrophic attacks.Secure Linux by using attacks and countermeasures from the latest OSSTMM researchFollow attack techniques of PSTN, ISDN, and PSDN over LinuxHarden VoIP, Bluetooth, RF, RFID, and IR devices on LinuxBlock Linux signal jamming, cloning, and eavesdropping attacksApply Trusted Computing and cryptography tools for your best defenseFix vulnerabilities in DNS, SMTP, and Web 2.0 servicesPrevent SPAM, Trojan, phishing, DoS, and DDoS exploitsFind and repair errors in C code with static analysis and Hoare Logic

    Written from a computer science perspective by three leading experts in the field, it gives an up-to-date treatment of all aspects of the design and implementation of systems for gathering, indexing, and searching documents; methods for evaluating systems; and an introduction to the use of machine learning methods on text collections. All the important ideas are explained using examples and figures, making it perfect for introductory courses in information retrieval for advanced undergraduates and graduate students in computer science. Based on feedback from extensive classroom experience, the book has been carefully structured in order to make teaching more natural and effective. Although originally designed as the primary text for a graduate or advanced undergraduate course in information retrieval, the book will also create a buzz for researchers and professionals alike.

    The RESTful approach to web services design is rapidly become the approach of choice. Unfortunately, too few people have truly solid REST API design skills, and discussions of REST can become bogged down in dry theory.The REST API Design Handbook is a simple, practical guide to aid software engineers and software architects create lasting, scalable APIs based on REST architectural principles. The book provides a sound foundation in discussing the constraints that define a REST API. It quickly goes beyond that into the practical aspects of implementing such an API in the real world.Written by cloud computing expert George Reese, The REST API Design Handbook reflects hands on work in consuming many different third party APIs as well the development of REST-based web services APIs. It addresses all of the debates the commonly arise while creating these APIs. Subjects covered include:* REST architectural constraints* Using HTTP methods and response codes in an API* Authenticating RESTful API calls* Versioning* Asynchronous Operations* Pagination and Streaming* Polling and Push Notifications* Rate Limiting

    Restructured into six parts, this new edition covers a wide spectrum of software processes from initial requirements solicitation through design and development.

    His walk through the syntax and semantics of JavaScript is both charming and hugely insightful; reminders of gotchas complement realistic use cases, paced at a comfortable curve. You'll find when you finish the book that you've gained a strong and comprehensive sense of mastery." --Paul Irish, developer advocate, Google Chrome "This is not a book for those looking for shortcuts; rather it is hard-won experience distilled into a guided tour. It's one of the few books on JS that I'll recommend without hesitation." --Alex Russell, TC39 member, software engineer, Google In order to truly master JavaScript, you need to learn how to work effectively with the language's flexible, expressive features and how to avoid its pitfalls. No matter how long you've been writing JavaScript code, Effective JavaScript will help deepen your understanding of this powerful language, so you can build more predictable, reliable, and maintainable programs. Author David Herman, with his years of experience on Ecma's JavaScript standardization committee, illuminates the language's inner workings as never before--helping you take full advantage of JavaScript's expressiveness. Reflecting the latest versions of the JavaScript standard, the book offers well-proven techniques and best practices you'll rely on for years to come. Effective JavaScript is organized around 68 proven approaches for writing better JavaScript, backed by concrete examples. You'll learn how to choose the right programming style for each project, manage unanticipated problems, and work more successfully with every facet of JavaScript programming from data structures to concurrency. Key features include Better ways to use prototype-based object-oriented programming Subtleties and solutions for working with arrays and dictionary objects Precise and practical explanations of JavaScript's functions and variable scoping semantics Useful JavaScript programming patterns and idioms, such as options objects and method chaining In-depth guidance on using JavaScript's unique "run-to-completion" approach to concurrency

    Distinct from the details of implementation, algorithm, and data representation, an architecture holds the key to achieving system quality, is a reusable asset that can be applied to subsequent systems, and is crucial to a software organization's business strategy.Drawing on their own extensive experience, the authors cover the essential technical topics for designing, specifying, and validating a system. They also emphasize the importance of the business context in which large systems are designed. Their aim is to present software architecture in a real-world setting, reflecting both the opportunities and constraints that companies encounter. To that end, case studies that describe successful architectures illustrate key points of both technical and organizational discussions.Topics new to this edition include: Architecture design and analysis, including the Architecture Tradeoff Analysis Method (ATAM) Capturing quality requirements and achieving them through quality scenarios and tactics Using architecture reconstruction to recover undocumented architectures Documenting architectures using the Unified Modeling Language (UML) New case studies, including Web-based examples and a wireless Enterprise JavaBeans™ (EJB) system designed to support wearable computers The financial aspects of architectures, including use of the Cost Benefit Analysis Method (CBAM) to make decisions If you design, develop, or manage the building of large software systems (or plan to do so), or if you are interested in acquiring such systems for your corporation or government agency, use Software Architecture in Practice, Second Edition, to get up to speed on the current state of software architecture.