The Tangled Web: A Guide to Securing Modern Web Applications


Michal Zalewski - 2011
    Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape. In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to: perform common but surprisingly complex tasks such as URL parsing and HTML sanitization; use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing; leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs; build mashups and embed gadgets without getting stung by the tricky frame navigation policy; and embed or host user-supplied content without running into the trap of content sniffing. For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

Apprenticeship Patterns: Guidance for the Aspiring Software Craftsman


Dave Hoover - 2009
    To grow professionally, you also need soft skills and effective learning techniques. Honing those skills is what this book is all about. Authors Dave Hoover and Adewale Oshineye have cataloged dozens of behavior patterns to help you perfect essential aspects of your craft. Compiled from years of research, many interviews, and feedback from O'Reilly's online forum, these patterns address difficult situations that programmers, administrators, and DBAs face every day. And it's not just about financial success. Apprenticeship Patterns also approaches software development as a means to personal fulfillment. Discover how this book can help you make the best of both your life and your career. Solutions to some common obstacles that this book explores in-depth include: Burned out at work? "Nurture Your Passion" by finding a pet project to rediscover the joy of problem solving. Feeling overwhelmed by new information? Re-explore familiar territory by building something you've built before, then use "Retreat into Competence" to move forward again. Stuck in your learning? Seek a team of experienced and talented developers with whom you can "Be the Worst" for a while. "Brilliant stuff! Reading this book was like being in a time machine that pulled me back to those key learning moments in my career as a professional software developer and, instead of having to learn best practices the hard way, I had a guru sitting on my shoulder guiding me every step towards master craftsmanship. I'll certainly be recommending this book to clients. I wish I had this book 14 years ago!" - Russ Miles, CEO, OpenCredo

APIs: A Strategy Guide


Daniel Jacobson - 2011
    Salesforce.com (more than 50%) and Twitter (more than 75%) fall into this category. eBay gets more than 8 billion API calls a month. Facebook and Google, which have dozens of APIs that enable both free services and e-commerce, get more than 5 billion API calls each day. Other companies like Netflix have expanded their service of streaming movies over the web to dozens of devices using APIs. At peak times, more than 20 percent of all traffic is accounted for by Netflix through its APIs. Companies like Sears and E-Trade are opening up their catalogs and other services to allow developers and entrepreneurs to create new marketing experiences. Making an API work to create a new channel is not just a matter of technology. An API must be considered in terms of business strategy, marketing, and operations as well as the technical aspects of programming. This book, written by Greg Brail, CTO of Apigee, and Brian Mulloy, VP of Products, captures the knowledge of all these areas gained by Apigee, the leading company in supporting the rollout of high traffic APIs.

97 Things Every Programmer Should Know: Collective Wisdom from the Experts


Kevlin Henney - 2010
    With the 97 short and extremely useful tips for programmers in this book, you'll expand your skills by adopting new approaches to old problems, learning appropriate best practices, and honing your craft through sound advice. With contributions from some of the most experienced and respected practitioners in the industry--including Michael Feathers, Pete Goodliffe, Diomidis Spinellis, Cay Horstmann, Verity Stob, and many more--this book contains practical knowledge and principles that you can apply to all kinds of projects. A few of the 97 things you should know: "Code in the Language of the Domain" by Dan North; "Write Tests for People" by Gerard Meszaros; "Convenience Is Not an -ility" by Gregor Hohpe; "Know Your IDE" by Heinz Kabutz; "A Message to the Future" by Linda Rising; "The Boy Scout Rule" by Robert C. Martin (Uncle Bob); "Beware the Share" by Udi Dahan.

The Mikado Method


Ola Ellnestam - 2014
    The Mikado Method is a process for surfacing the dependencies in a codebase, so that you can systematically eliminate technical debt and get things done. It gets its name from a simple game commonly known as "pick-up sticks." You start with a jumbled pile of sticks. The goal is to remove the Mikado, or Emperor, stick without disturbing the others. Players carefully remove sticks one at a time, leaving the rest of the heap intact, slowly exposing the Mikado. The game is a great metaphor for eliminating technical debt—carefully extracting each intertwined dependency until you're able to successfully resolve the central issue and move on. The Mikado Method is a book by the creators of this process. It describes a pragmatic, straightforward, and empirical method to plan and perform non-trivial technical improvements on an existing software system. The method has simple rules, but the applicability is vast. As you read, you'll practice a step-by-step system for identifying the scope and nature of your technical debt, mapping the key dependencies, and determining the safest way to approach the "Mikado" - your goal. A natural byproduct of this process is the Mikado Graph, a minimalistic, relevant, just-in-time roadmap and information radiator that reflects deep understanding of how your system works.

In the Plex: How Google Thinks, Works, and Shapes Our Lives


Steven Levy - 2011
    How has Google done it? Veteran technology reporter Steven Levy was granted unprecedented access to the company, and in this revelatory book he takes readers inside Google headquarters—the Googleplex—to show how Google works. While they were still students at Stanford, Google cofounders Larry Page and Sergey Brin revolutionized Internet search. They followed this brilliant innovation with another, as two of Google’s earliest employees found a way to do what no one else had: make billions of dollars from Internet advertising. With this cash cow, Google was able to expand dramatically and take on other transformative projects: more efficient data centers, open-source cell phones, free Internet video (YouTube), cloud computing, digitizing books, and much more. The key to Google’s success in all these businesses, Levy reveals, is its engineering mind-set and adoption of such Internet values as speed, openness, experimentation, and risk taking. After its unapologetically elitist approach to hiring, Google pampers its engineers—free food and dry cleaning, on-site doctors and masseuses—and gives them all the resources they need to succeed. Even today, with a workforce of more than 23,000, Larry Page signs off on every hire. But has Google lost its innovative edge? With its newest initiative, social networking, Google is chasing a successful competitor for the first time. Some employees are leaving the company for smaller, nimbler start-ups. Can the company that famously decided not to be evil still compete? No other book has ever turned Google inside out as Levy does with In the Plex.

The Entrepreneur's Guide to Customer Development: A cheat sheet to The Four Steps to the Epiphany


Brant Cooper - 2010
    It is written in a conversational tone, doesn't take itself too seriously, and avoids extraneous fluff." - Eric Ries, Author & Creator of the Lean Startup methodology
    "Get the CustDev book to dive deep into customer interviews and understand how your product can be developed to meet your customers' needs." - Dan Martell, Founder of Flowtown, angel investor
    Customer Development is a four-step framework for helping startups discover and validate their customers, product, and go-to-market strategy, developed by Steve Blank and an integral part of Eric Ries' Lean Startup methodology. Focused on the Customer Discovery step, The Entrepreneur's Guide to Customer Development is an easy-to-follow guide for finding early adopters, building a Minimum Viable Product, finding Product-Market fit, and establishing a sales and marketing roadmap.
    Deemed a "must-read" by Steve Blank and Eric Ries, inside you will find detailed customer development and lean startup concept definitions, a step-by-step approach to best practices, a business model analysis guide, case studies, rich graphics, as well as worksheets and exercises. No matter the stage of your business, you will return often to this guide to learn how to build a product people want; "get out of the building"; foster strong customer relationships; test business model risk; reach out to early adopters; conduct startup marketing; create a customer funnel based on buyers' process; and prepare your startup to scale up.
    The Entrepreneur's Guide to Customer Development: A Cheat Sheet to The Four Steps to the Epiphany, affectionately known as the "CustDev book," serves as course text for classes at Stanford University, University of Chicago, Boston University, DePaul University, University of Minnesota and University of Norway.
    "Our UCL (University College London) students love The Entrepreneur's Guide to Customer Development. Thanks to Brant & Patrick for writing this helpful book." - Dave Chapman, Deputy Head of the Department of Management Science and Innovation at UCL (University College London)
    "Love it! Required reading for all NYU entrepreneurs." - Frank Rimalovski, Managing Director of NYU Innovation Venture Fund
    This book is both an introduction for those unfamiliar with lean concepts and highly actionable for lean practitioners. It is a user-friendly guide, written to be accessible to marketing professionals, engineers, startup founders and entrepreneurs, VCs, angels, and anyone else involved in building scalable startups.
    Existing companies will benefit too from applying Customer Development principles described in detail herein: for example, startups struggling to achieve market traction, or well established companies seeking to spark new innovation.
    This is a business book for startups like no other. No fluff, but rather sound principles and concrete steps to take to build your business. Get up to speed on Customer Development now.

Microinteractions: Designing with Details


Dan Saffer - 2013
    With this practical book, you’ll learn how to design effective microinteractions: the small details that exist inside and around features. How can users change a setting? How do they turn on mute, or know they have a new email message? Through vivid, real-world examples from today’s devices and applications, author Dan Saffer walks you through a microinteraction’s essential parts, then shows you how to use them in a mobile app, a web widget, and an appliance. You’ll quickly discover how microinteractions can change a product from one that’s tolerated into one that’s treasured. Explore a microinteraction’s structure: triggers, rules, feedback, modes, and loops. Learn the types of triggers that initiate a microinteraction. Create simple rules that define how your microinteraction can be used. Help users understand the rules with feedback, using graphics, sounds, and vibrations. Use modes to let users set preferences or modify a microinteraction. Extend a microinteraction’s life with loops, such as “Get data every 30 seconds”.

Agile!: The Good, the Hype and the Ugly


Bertrand Meyer - 2014
    The book details agile principles, roles, managerial practices, technical practices and artifacts, offering a complete review that will help readers master all the important agile ideas.

Agile Project Management: Creating Innovative Products


Jim Highsmith - 2004
    It covers six principles of Agile Project Management; its five phases: envision, speculate, explore, adapt, close; and, APM practices.

Refactoring: Improving the Design of Existing Code


Martin Fowler - 1999
    Significant numbers of poorly designed programs have been created by less-experienced developers, resulting in applications that are inefficient and hard to maintain and extend. Increasingly, software system professionals are discovering just how difficult it is to work with these inherited, non-optimal applications. For several years, expert-level object programmers have employed a growing collection of techniques to improve the structural integrity and performance of such existing software programs. Referred to as refactoring, these practices have remained in the domain of experts because no attempt has been made to transcribe the lore into a form that all developers could use... until now. In Refactoring: Improving the Design of Existing Software, renowned object technology mentor Martin Fowler breaks new ground, demystifying these master practices and demonstrating how software practitioners can realize the significant benefits of this new process.

The RSpec Book


David Chelimsky - 2009
    Get the most out of BDD in Ruby with The RSpec Book, written by the lead developer of RSpec, David Chelimsky. You'll get started right away with RSpec 2 and Cucumber by developing a simple game, using Cucumber to express high-level requirements in language your customer understands, and RSpec to express more granular requirements that focus on the behavior of individual objects in the system. You'll learn how to use test doubles (mocks and stubs) to control the environment and focus the RSpec examples on one object at a time, and how to customize RSpec to "speak" in the language of your domain. You'll develop Rails 3 applications and use companion tools such as Webrat and Selenium to express requirements for web applications both in memory and in the browser. And you'll learn to specify Rails views, controllers, and models, each in complete isolation from the other. Whether you're developing applications, frameworks, or the libraries that power them, The RSpec Book will help you write better code, better tests, and deliver better software to happier users.

Measure What Matters


John E. Doerr - 2017
    With a foreword by Larry Page, and contributions from Bono and Bill Gates. Measure What Matters is about using Objectives and Key Results (OKRs), a revolutionary approach to goal-setting, to make tough choices in business. In 1999, legendary venture capitalist John Doerr invested nearly $12 million in a startup that had amazing technology, entrepreneurial energy and sky-high ambitions, but no real business plan. Doerr introduced the founders to OKRs and with them at the foundation of their management, the startup grew from forty employees to more than 70,000 with a market cap exceeding $600 billion. The startup was Google. Since then Doerr has introduced OKRs to more than fifty companies, helping tech giants and charities exceed all expectations. In the OKR model objectives define what we seek to achieve and key results are how those top-priority goals will be attained. OKRs focus effort, foster coordination and enhance workplace satisfaction. They surface an organization's most important work as everyone's goals from entry-level to CEO are transparent to the entire institution. In Measure What Matters, Doerr shares a broad range of first-person, behind-the-scenes case studies, with narrators including Bono and Bill Gates, to demonstrate the focus, agility, and explosive growth that OKRs have spurred at so many great organizations. This book will show you how to collect timely, relevant data to track progress - to measure what matters. It will help any organization or team aim high, move fast, and excel.

Kanban in Action


Marcus Hammarberg - 2013
    Kanban leverages visual management techniques to involve stakeholders and to facilitate understanding of how the work works. Through limiting the amount of work in process, and by focusing on finishing that work as soon as possible, kanban helps you to adjust demand to capacity, to reduce lead times and to create a driver for continuous improvement. Kanban in Action is a down-to-earth, no-frills, get-to-know-the-ropes introduction to kanban. It's based on the real-world experience and observations from two kanban coaches who have introduced this process to dozens of teams. In this book, you'll discover basic but powerful techniques on how to visualize and track work, how to construct a kanban board, how to visualize queues and bottlenecks, and much much more. You'll learn the principles of why kanban works as well as nitty-gritty details like how to use different color stickies to help you organize and track your work items.

Project Management for the Unofficial Project Manager


Kory Kogon - 2015
    Yet, chances are, you aren’t formally trained in managing projects—you’re an unofficial project manager. FranklinCovey experts Kory Kogon, Suzette Blakemore, and James Wood understand the importance of leadership in project completion and explain that people are crucial in the formula for success. Project Management for the Unofficial Project Manager offers practical, real-world insights for effective project management and guides you through the essentials of the people and project management process: Initiate, Plan, Execute, Monitor/Control, Close. Unofficial project managers in any arena will benefit from the accessible, engaging real-life anecdotes, memorable “Project Management Proverbs,” and quick reviews at the end of each chapter. If you’re struggling to keep your projects organized, this book is for you. If you manage projects without the benefit of a team, this book is also for you. Change the way you think about project management—"project manager" may not be your official title or necessarily your dream job, but with the right strategies, you can excel.