NOTE: this Alpha Edition is missing some chapters and may contain errors. See http://saasbook.info for details.

    Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric Provides effective approaches and techniques that have been proven at Microsoft and elsewhere Offers actionable how-to advice not tied to any specific software, operating system, or programming language Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.

    Crammed with information about host security, it saved many a UNIX system administrator and user from disaster.This second edition is a complete rewrite of the original book. It's packed with twice the pages and offers even more practical information for UNIX users and administrators. It covers features of many types of UNIX systems, including SunOS, Solaris, BSDI, AIX, HP-UX, Digital UNIX, Linux, and others. The first edition was practical, entertaining, and full of useful scripts, tips, and warnings. This edition is all those things -- and more.If you are a UNIX system administrator or user in this security-conscious age, you need this book. It's a practical guide that spells out, in readable and entertaining language, the threats, the system vulnerabilities, and the countermeasures you can adopt to protect your UNIX system, network, and Internet connection. It's complete -- covering both host and network security -- and doesn't require that you be a programmer or a UNIX guru to use it.Practical UNIX & Internet Security describes the issues, approaches, and methods for implementing security measures. It covers UNIX basics, the details of security, the ways that intruders can get into your system, and the ways you can detect them, clean up after them, and even prosecute them if they do get in. Filled with practical scripts, tricks, and warnings, Practical UNIX & Internet Security tells you everything you need to know to make your UNIX system as secure as it possible can be.Contents include:Part I: Computer Security Basics. Introduction and security policies. Part II: User Responsibilities. Users and their passwords, groups, the superuser, the UNIX filesystem, and cryptography. Part III: System Administrator Responsibilities. Backups, defending accounts, integrity checking, log files, programmed threats, physical security, and personnel security. Part IV: Network and Internet Security: telephone security, UUCP, TCP/IP networks, TCP/IP services, WWW, RPC, NIS, NIS+, Kerberos, and NFS. Part V: Advanced Topics: firewalls, wrappers, proxies, and secure programming. Part VI: Handling Security Incidents: discovering a breakin, U.S. law, and trust. VII: Appendixes. UNIX system security checklist, important files, UNIX processes, paper and electronic sources, security organizations, and table of IP services.

    Itzik Ben-Gan explains key T-SQL concepts and helps you apply your knowledge with hands-on exercises. The book first introduces T-SQL's roots and underlying logic. Next, it walks you through core topics such as single-table queries, joins, subqueries, table expressions, and set operators. Then the book covers more-advanced data-query topics such as window functions, pivoting, and grouping sets. The book also explains how to modify data, work with temporal tables, and handle transactions, and provides an overview of programmable objects. Microsoft Data Platform MVP Itzik Ben-Gan shows you how to: Review core SQL concepts and its mathematical roots Create tables and enforce data integrity Perform effective single-table queries by using the SELECT statement Query multiple tables by using joins, subqueries, table expressions, and set operators Use advanced query techniques such as window functions, pivoting, and grouping sets Insert, update, delete, and merge data Use transactions in a concurrent environment Get started with programmable objects-from variables and batches to user-defined functions, stored procedures, triggers, and dynamic SQL

    The Web is awash in Ruby code that is now virtually impossible to change or extend. This text helps you solve that problem by using powerful real-world object-oriented design techniques, which it thoroughly explains using simple and practical Ruby examples. Sandi Metz has distilled a lifetime of conversations and presentations about object-oriented design into a set of Ruby-focused practices for crafting manageable, extensible, and pleasing code. She shows you how to build new applications that can survive success and repair existing applications that have become impossible to change. Each technique is illustrated with extended examples, all downloadable from the companion Web site, poodr.info. The first title to focus squarely on object-oriented Ruby application design, Practical Object-Oriented Design in Ruby will guide you to superior outcomes, whatever your previous Ruby experience. Novice Ruby programmers will find specific rules to live by; intermediate Ruby programmers will find valuable principles they can flexibly interpret and apply; and advanced Ruby programmers will find a common language they can use to lead development and guide their colleagues. This guide will help you Understand how object-oriented programming can help you craft Ruby code that is easier to maintain and upgrade Decide what belongs in a single Ruby class Avoid entangling objects that should be kept separate Define flexible interfaces among objects Reduce programming overhead costs with duck typing Successfully apply inheritance Build objects via composition Design cost-effective tests Solve common problems associated with poorly designed Ruby code

    Simultaneously becoming more user friendly and more powerful as a back-end system, Linux has achieved new plateaus: the newer filesystems have solidified, new commands and tools have appeared and become standard, and the desktop--including new desktop environments--have proved to be viable, stable, and readily accessible to even those who don't consider themselves computer gurus. Whether you're using Linux for personal software projects, for a small office or home office (often termed the SOHO environment), to provide services to a small group of colleagues, or to administer a site responsible for millions of email and web connections each day, you need quick access to information on a wide range of tools. This book covers all aspects of administering and making effective use of Linux systems. Among its topics are booting, package management, and revision control. But foremost in Linux in a Nutshell are the utilities and commands that make Linux one of the most powerful and flexible systems available.Now in its fifth edition, Linux in a Nutshell brings users up-to-date with the current state of Linux. Considered by many to be the most complete and authoritative command reference for Linux available, the book covers all substantial user, programming, administration, and networking commands for the most common Linux distributions.Comprehensive but concise, the fifth edition has been updated to cover new features of major Linux distributions. Configuration information for the rapidly growing commercial network services and community update services is one of the subjects covered for the first time.But that's just the beginning. The book covers editors, shells, and LILO and GRUB boot options. There's also coverage of Apache, Samba, Postfix, sendmail, CVS, Subversion, Emacs, vi, sed, gawk, and much more. Everything that system administrators, developers, and power users need to know about Linux is referenced here, and they will turn to this book again and again.

    It won’t crush you. It’s light as a feather (because I haven’t finished it yet—hehe). And there’s a reason this book will stay light: because Ruby is simple to learn.[Why’s (Poignant) Guide to Ruby is released under the Attribution-ShareAlike License. So, yes, please distribute it and print it and read it leisurely in your housecoat.]

    Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus.

    As traffic volume and data demands increase, these applications become more complicated and brittle, exposing risks and compromising availability. This practical guide shows IT, devops, and system reliability managers how to prevent an application from becoming slow, inconsistent, or downright unavailable as it grows.Scaling isn't just about handling more users; it's also about managing risk and ensuring availability. Author Lee Atchison provides basic techniques for building applications that can handle huge quantities of traffic, data, and demand without affecting the quality your customers expect.In five parts, this book explores:Availability: learn techniques for building highly available applications, and for tracking and improving availability going forwardRisk management: identify, mitigate, and manage risks in your application, test your recovery/disaster plans, and build out systems that contain fewer risksServices and microservices: understand the value of services for building complicated applications that need to operate at higher scaleScaling applications: assign services to specific teams, label the criticalness of each service, and devise failure scenarios and recovery plansCloud services: understand the structure of cloud-based services, resource allocation, and service distribution

    By following the recommendations of the Association of Computing Machinery's Java Task Force, this first edition text adopts a modern objects-first approach that introduces readers to useful hierarchies from the very beginning.KEY TOPICS: Introduction; Programming by Example; Expressions; Statement Forms; Methods; Objects and Classes; Objects and Memory; Strings and Characters; Object-Oriented Graphics; Event-Driven Programs; Arrays and ArrayLists; Searching and Sorting; Collection Classes; Looking Ahead.MARKET: A modern objects-first approach to the Java programming language that introduces readers to useful class hierarchies from the very beginning.

    Windows 10 (a free update to users of Windows 8 or Windows 7) fixes a number of the problems introduced by the revolution in Windows 8 and offers plenty of new features, such as the new Spartan web browser, Cortana voice-activated "personal assistant," new universal apps (that run on tablet, phone, and computer), and more. But to really get the most out of the new operating system, you're going to need a guide.Thankfully, Windows 10: The Missing Manual will be there to help. Like its predecessors, this book from the founder of Yahoo Tech, previous New York Times columnist, bestselling author, and Missing Manuals creator David Pogue illuminates its subject with technical insight, plenty of wit, and hardnosed objectivity for beginners, veteran standalone PC users, new tablet owners, and those who know their way around a network.

    You'll learn how sophisticated hackers working on behalf of states or organized crime patiently play a high-stakes game that could target anyone, regardless of affiliation or nationality.Inside Cyber Warfare goes beyond the headlines of attention-grabbing DDoS attacks and takes a deep look inside multiple cyber-conflicts that occurred from 2002 through summer 2009.Learn how cyber attacks are waged in open conflicts, including recent hostilities between Russia and Georgia, and Israel and PalestineDiscover why Twitter, Facebook, LiveJournal, Vkontakte, and other sites on the social web are mined by the intelligence services of many nationsRead about China's commitment to penetrate the networks of its technologically superior adversaries as a matter of national survivalFind out why many attacks originate from servers in the United States, and who's responsibleLearn how hackers are "weaponizing" malware to attack vulnerabilities at the application level

     Test-Driven JavaScript Development is a complete, best-practice guide to agile JavaScript testing and quality assurance with the test-driven development (TDD) methodology. Leading agile JavaScript developer Christian Johansen covers all aspects of applying state-of-the-art automated testing in JavaScript environments, walking readers through the entire development lifecycle, from project launch to application deployment, and beyond.Using real-life examples driven by unit tests, Johansen shows how to use TDD to gain greater confidence in your code base, so you can fearlessly refactor and build more robust, maintainable, and reliable JavaScript code at lower cost. Throughout, he addresses crucial issues ranging from code design to performance optimization, offering realistic solutions for developers, QA specialists, and testers.Coverage includes - Understanding automated testing and TDD - Building effective automated testing workflows - Testing code for both browsers and servers (using Node.js) - Using TDD to build cleaner APIs, better modularized code, and more robust software - Writing testable code - Using test stubs and mocks to test units in isolation - Continuously improving code through refactoring - Walking through the construction and automated testing of fully functional softwareThe accompanying Web site, tddjs.com, contains all of the book's code listings and additional resources.

    It describes the Disciplined Agile Delivery (DAD) process decision framework and then works through a case study describing a typical agile team’s experiences adopting a disciplined agile approach. The book describes how the team develops the first release of a mission-critical application while working in a legacy enterprise environment. It describes their experiences from beginning-to-end, starting with their initial team initiation efforts through construction and finally to deploying the solution into production. It also describes how the team stays together for future releases, overviewing their process improvement efforts from their Scrum-based beginnings through to a lean continuous delivery approach that fits in with their organization’s evolving DevOps strategy. The DAD framework is a hybrid of existing methods such as Scrum, Kanban, Agile Modeling, SAFe, Extreme Programming, Agile Data, Unified Process and many others. DAD provides the flexibility to use various approaches and plugs the gaps not addressed by mainstream agile methods. In a nutshell, DAD is “pragmatic agile.” DAD describes proven strategies to adapt and scale your agile initiatives to suit the unique realities of your enterprise without having to figure it all out by yourself. Here’s an overview of what each chapter covers: * Chapter 1: Introduction. This chapter provides a quick overview of the book and a brief history of Disciplined Agile. * Chapter 2: Reality over Rhetoric. This chapter explores several common myths about DAD and more importantly disproves them. * Chapter 3: Disciplined Agile Delivery in a Nutshell. This chapter provides a brief yet comprehensive overview of the DAD framework. * Chapter 4: Introduction to the Case Study. This chapter introduces us to the team, describes the market opportunity that they hope to address, and describes the environment in which they’re working. * Chapter 5: Inception. The team’s initiation effort includes initial requirements modeling and planning with their stakeholders in a streamlined manner, initial architecture modeling, setting up their physical work environment, setting up the start of their tooling infrastructure, initial risk identification, and finally securing stakeholder support and funding for the rest of the first release. * Chapters 6 through 10: Construction. These chapters each describe a single Construction iteration, sharing the team’s experiences during each of those two-week timeboxes. * Chapter 11: Transition. The two-week transition phase focuses on final testing and fixing, training the support/help-desk staff, finishing a few short end-user “how to” videos, and deploying the solution into production. * Chapter 12: Future Releases. This chapter overviews the team’s improvement efforts over the next few releases, describing how they evolve from the agile Scrum-based lifecycle to a leaner approach and eventually to continuous delivery. * Chapter 13: Closing Thoughts. This chapter overviews the disciplined agile resources that are available to you. * Appendix: The Disciplined Agile IT Department. This short appendix overviews our ongoing work on the Disciplined Agile framework to address the full scope of an IT department. At 102 pages, you should find this book to be a quick, informative read.

    This Self-Paced Training Kit is designed to help maximize your performance on 70-680, the required exam for the Microsoft Certified Technology Specialist (MCTS): Windows 7, Configuration certification.This 2-in-1 kit includes the official Microsoft study guide, plus practice tests on CD to help you assess your skills. It comes packed with the tools and features exam candidates want most—including in-depth, self-paced training based on final exam content; rigorous, objective-by-objective review; exam tips from expert, exam-certified authors; and customizable testing options. It also provides real-world scenarios, case study examples, and troubleshooting labs to give you the skills and expertise you can use on the job.Work at your own pace through the lessons and lab exercises. This official study guide covers installing, upgrading, and migrating to Windows 7; configuring network connectivity, applications, and devices; implementing backup and recovery; configuring User Account Control (UAC), mobility options, and new features such as DirectAccess and BranchCache; and managing system updates.Then assess yourself using the 200 practice questions on CD, featuring multiple customizable testing options to meet your specific needs. Choose timed or untimed testing mode, generate random tests, or focus on discrete objectives. You get detailed explanations for right and wrong answers—including pointers back to the book for further study. You also get an exam discount voucher—making this kit an exceptional value and a great career investment.