With jokes, puns, and a rigorous problem solving based approach. You can download all the code samples used in the book from here: http://www.robmiles.com/s/Yellow-Book...

    Find out how the Swedish police combined XP, Scrum, and Kanban in a 60-person project. From start to finish, you'll see how to deliver a successful product using Lean principles. We start with an organization in desperate need of a new way of doing things and finish with a group of sixty, all working in sync to develop a scalable, complex system. You'll walk through the project step by step, from customer engagement, to the daily "cocktail party," version control, bug tracking, and release. In this honest look at what works--and what doesn't--you'll find out how to: Make quality everyone's business, not just the testers. Keep everyone moving in the same direction without micromanagement. Use simple and powerful metrics to aid in planning and process improvement. Balance between low-level feature focus and high-level system focus. You'll be ready to jump into the trenches and streamline your own development process.ContentsForewordPrefacePART I: HOW WE WORK1. About the Project1.1 Timeline 51.2 How We Sliced the Elephant 61.3 How We Involved the Customer 72. Structuring the Teams3. Attending the Daily Cocktail Party3.1 First Tier: Feature Team Daily Stand-up3.2 Second Tier: Sync Meetings per Specialty3.3 Third Tier: Project Sync Meeting4. The Project Board4.1 Our Cadences4.2 How We Handle Urgent Issues and Impediments5. Scaling the Kanban Boards6. Tracking the High-Level Goal7. Defining Ready and Done7.1 Ready for Development7.2 Ready for System Test7.3 How This Improved Collaboration 8. Handling Tech Stories8.1 Example 1: System Test Bottleneck8.2 Example 2: Day Before the Release8.3 Example 3: The 7-Meter Class9. Handling Bugs9.1 Continuous System Test9.2 Fix the Bugs Immediately9.3 Why We Limit the Number of Bugs in the Bug Tracker9.4 Visualizing Bugs9.5 Preventing Recurring Bugs10. Continuously Improving the Process10.1 Team Retrospectives10.2 Process Improvement Workshops10.3 Managing the Rate of Change11. Managing Work in Progress11.1 Using WIP Limits11.2 Why WIP Limits Apply Only to Features12. Capturing and Using Process Metrics12.1 Velocity (Features per Week)12.2 Why We Don’t Use Story Points12.3 Cycle Time (Weeks per Feature)12.4 Cumulative Flow12.5 Process Cycle Efficiency13. Planning the Sprint and Release13.1 Backlog Grooming13.2 Selecting the Top Ten Features13.3 Why We Moved Backlog Grooming Out of the Sprint Planning Meeting13.4 Planning the Release14. How We Do Version Control14.1 No Junk on the Trunk14.2 Team Branches14.3 System Test Branch15. Why We Use Only Physical Kanban Boards16. What We Learned16.1 Know Your Goal16.2 Experiment16.3 Embrace Failure16.4 Solve Real Problems16.5 Have Dedicated Change Agents16.6 Involve PeoplePART II: A CLOSER LOOK AT THE TECHNIQUES 17. Agile and Lean in a Nutshell17.1 Agile in a Nutshell17.2 Lean in a Nutshell17.3 Scrum in a Nutshell17.4 XP in a Nutshell17.5 Kanban in a Nutshell18. Reducing the Test Automation Backlog18.1 What to Do About It18.2 How to Improve Test Coverage a Little Bit Each Iteration18.3 Step 1: List Your Test Cases18.4 Step 2: Classify Each Test18.5 Step 3: Sort the List in Priority Order18.6 Step 4: Automate a Few Tests Each Iteration18.7 Does This Solve the Problem?19. Sizing the Backlog with Planning Poker19.1 Estimating Without Planning Poker19.2 Estimating with Planning Poker19.3 Special Cards20. Cause-Effect Diagrams20.1 Solve Problems, Not Symptoms20.2 The Lean Problem-Solving Approach: A3 Thinking20.3 How to Use Cause-Effect Diagrams20.4 Example 1: Long Release Cycle20.5 Example 2: Defects Released to Production20.6 Example 3: Lack of Pair Programming20.7 Example 4: Lots of Problems20.8 Practical Issues: How to Create and Maintain the Diagrams20.9 Pitfalls20.10 Why Use Cause-Effect Diagrams?21. Final WordsA1. Glossary: How We Avoid Buzzword BingoIndex

    The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger," Dafydd developed the popular Burp Suite of web application hack tools.

    A pocket-sized overview of roles, artifacts and the sprint cycle, adapted from the bestseller The Elements of Scrum by Chris Sims & Hillary Louise Johnson

    Web-based companies live or die by the ability to scale their infrastructure to accommodate increasing demand. This book is a hands-on and practical guide to planning for such growth, with many techniques and considerations to help you plan, deploy, and manage web application infrastructure.The Art of Capacity Planning is written by the manager of data operations for the world-famous photo-sharing site Flickr.com, now owned by Yahoo! John Allspaw combines personal anecdotes from many phases of Flickr's growth with insights from his colleagues in many other industries to give you solid guidelines for measuring your growth, predicting trends, and making cost-effective preparations. Topics include:Evaluating tools for measurement and deployment Capacity analysis and prediction for storage, database, and application servers Designing architectures to easily add and measure capacity Handling sudden spikes Predicting exponential and explosive growth How cloud services such as EC2 can fit into a capacity strategy In this book, Allspaw draws on years of valuable experience, starting from the days when Flickr was relatively small and had to deal with the typical growth pains and cost/performance trade-offs of a typical company with a Web presence. The advice he offers in The Art of Capacity Planning will not only help you prepare for explosive growth, it will save you tons of grief.