Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs Build mashups and embed gadgets without getting stung by the tricky frame navigation policy Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

    But which claims are verifiable, and which are merely wishful thinking? In this book, leading thinkers such as Steve McConnell, Barry Boehm, and Barbara Kitchenham offer essays that uncover the truth and unmask myths commonly held among the software development community. Their insights may surprise you.Are some programmers really ten times more productive than others?Does writing tests first help you develop better code faster?Can code metrics predict the number of bugs in a piece of software?Do design patterns actually make better software?What effect does personality have on pair programming?What matters more: how far apart people are geographically, or how far apart they are in the org chart?Contributors include:Jorge Aranda Tom Ball Victor R. Basili Andrew Begel Christian Bird Barry Boehm Marcelo Cataldo Steven Clarke Jason Cohen Robert DeLine Madeline Diep Hakan Erdogmus Michael Godfrey Mark Guzdial Jo E. Hannay Ahmed E. Hassan Israel Herraiz Kim Sebastian Herzig Cory Kapser Barbara Kitchenham Andrew Ko Lucas Layman Steve McConnell Tim Menzies Gail Murphy Nachi Nagappan Thomas J. Ostrand Dewayne Perry Marian Petre Lutz Prechelt Rahul Premraj Forrest Shull Beth Simon Diomidis Spinellis Neil Thomas Walter Tichy Burak Turhan Elaine J. Weyuker Michele A. Whitecraft Laurie Williams Wendy M. Williams Andreas Zeller Thomas Zimmermann

    Be part of the solution. With this practical book, you'll learn 10 easy-to-follow guidelines for delivering software that's easy to maintain and adapt. These guidelines have been derived from analyzing hundreds of real-world systems.Written by consultants from the Software Improvement Group (SIG), this book provides clear and concise explanations, with advice for turning the guidelines into practice. Examples are written in Java, but this guide is equally useful for developers working in other programming languages.10 Coding Guidelines- Write short units of code: limit the length of methods and constructors- Write simple units of code: limit the number of branch points per method- Write code once, rather than risk copying buggy code- Keep unit interfaces small by extracting parameters into objects- Separate concerns to avoid building large classes- Couple architecture components loosely- Balance the number and size of top-level components in your code- Keep your codebase as small as possible- Automate tests for your codebase- Write clean code, avoiding "code smells" that indicate deeper problemsWhy you should read this bookTaken in isolation, the guidelines presented in this book are well-known. In fact, many well-known tools for code analysis check a number of the guidelines presented here. The following three characteristics set this book apart from other books on software development: We have selected the ten most important guidelines from experience.We teach how to comply with these ten guidelines.We present statistics and examples from real-world systems.This book is part our Training on Software Maintainability - and subsequent Certification on Quality Software Development program. For more information about this program, please contact training@sig.eu.

    With this book, you'll get a candid and insightful look at how software is constructed and maintained by some of the world's leading practitioners.Titus Winters, Tom Manshreck, and Hyrum K. Wright, software engineers and a technical writer at Google, reframe how software engineering is practiced and taught: from an emphasis on programming to an emphasis on software engineering, which roughly translates to programming over time.You'll learn:Fundamental differences between software engineering and programmingHow an organization effectively manages a living codebase and efficiently responds to inevitable changeWhy culture (and recognizing it) is important, and how processes, practices, and tools come into play

    Advocates of NoSQL databases claim they can be used to build systems that are more performant, scale better, and are easier to program." ""NoSQL Distilled" is a concise but thorough introduction to this rapidly emerging technology. Pramod J. Sadalage and Martin Fowler explain how NoSQL databases work and the ways that they may be a superior alternative to a traditional RDBMS. The authors provide a fast-paced guide to the concepts you need to know in order to evaluate whether NoSQL databases are right for your needs and, if so, which technologies you should explore further. The first part of the book concentrates on core concepts, including schemaless data models, aggregates, new distribution models, the CAP theorem, and map-reduce. In the second part, the authors explore architectural and design issues associated with implementing NoSQL. They also present realistic use cases that demonstrate NoSQL databases at work and feature representative examples using Riak, MongoDB, Cassandra, and Neo4j. In addition, by drawing on Pramod Sadalage's pioneering work, "NoSQL Distilled" shows how to implement evolutionary design with schema migration: an essential technique for applying NoSQL databases. The book concludes by describing how NoSQL is ushering in a new age of Polyglot Persistence, where multiple data-storage worlds coexist, and architects can choose the technology best optimized for each type of data access.

    Monkey has been specifically designed for this book: it's a language that looks a lot like C, has first class functions, closures, strings, hashes and arrays and its only implementation is the one we build in the book.In contrast to text books on interpreters & compilers, the focus of this book is working code. Code is not just found in the appendix -- no, nearly every page contains a snippet! And not only that, but also tests. The code presented in the book is fully tested and the test suite is included.For more information, check out: http://interpreterbook.com/

    From sussing out the best deals and financing your investment to organising your taxes and dealing with tenants, it's all here - helping you to make more money with less stress.Among the 100 curated, carefully organised property investment tips in this book, you'll learn: Why you're doing your calculations all wrong How to use leverage to multiply your returns How to delegate The realistic alternatives to buy-to-let Why - and how - to buy below market value How to compete when you're constantly priced out by other buyers Ways to add value How to win at auctions Why you should get over your fear of interest-only mortgages What counts as an "expense" - and how to claim it A ton of nifty property investment tips, tricks and hacks for sourcing, financing and managing your propertyThe tips are organised into the following sections: Get started in property investment Find a deal Finance your investment Deal with tenants and management Focus on your strategy and goals Sort out your tax and accounts Tips, tricks and hacksWhatever your level of experience, you're sure to find some great new ideas to make you a more effective property investor.

    While equipping you with the minimum of theory, GUI expert Jeff Johnson presents the reality of interface design in an entertaining, anecdotal, and instructive way. * Updated to reflect the bloopers that are common today, incorporating many comments and suggestions from first edition readers. * Takes a learn-by-example approach that teaches how to avoid common errors. * Covers bloopers in a wide range of categories: GUI controls, graphic design and layout, text messages, interaction strategies, Web site design -- including search, link, and navigation, responsiveness issues, and management decision-making. * Organized and formatted so information needed is quickly found, the new edition features call-outs for the examples and informative captions to enhance quick knowledge building. * Hundreds of illustrations: both the DOs and the DON'Ts for each topic covered, with checklists and additional bloopers on www.gui-bloopers.com.

    But there is more power waiting to be unlockedJavaScript is capable of full objectoriented capabilities, and by applyingobject-oriented principles, best practices, and design patterns to your code, you can make it more powerful, more efficient, and easier to work with alone or as part of a team.With Pro JavaScript Design Patterns, you'll start with the basics of objectoriented programming in JavaScript applicable to design patterns, including making JavaScript more expressive, inheritance, encapsulation, information hiding, and more. With that covered, you can kickstart your JavaScript development in the second part of the book, where you'll find detail on how to implement and take advantage of several design patterns in JavaScript, including composites, decorators, facades, adapters, and many more.Each chapter is packed with realworld examples of how the design patterns are best used and expert advice on writing better code, as well as what to watch out for. Along the way you'll discover how to create your own libraries and APIs for even more efficient coding.Master the basics of objectoriented programming in JavaScript, as they apply to design patterns Apply design patterns to your kickstart your JavaScript development Work through several realworld examples What you'll learn How to apply objectoriented programming techniques in JavaScript How to take advantage of inheritance, interfaces, and encapsulation and information hiding to kickstart your JavaScript development How to implement several design patterns in your JavaScript projects, including factory, facade, bridge, composite, adapter, decorator, flyweight, proxy, command, observer, and chain of responsibility How to make your code easier to manage in a team environment, as well as on your own How to create your own libraries and APIs Who this book is forThis book will be an invaluable learning tool for any experienced JavaScript developer. Table of Contents Expressive JavaScript Interfaces Encapsulation and Information Hiding Inheritance The Singleton Pattern Chaining The Factory Pattern The Bridge Pattern The Composite Pattern The Facade Pattern The Adapter Pattern The Decorator Pattern The Flyweight Pattern The Proxy Pattern The Observer Pattern The Command Pattern The Chain of Responsibility Pattern

    Scalable Internet Architectures addresses these concerns by teaching you both good and bad design methodologies for building new sites and how to scale existing websites to robust, high-availability websites. Primarily example-based, the book discusses major topics in web architectural design, presenting existing solutions and how they work. Technology budget tight? This book will work for you, too, as it introduces new and innovative concepts to solving traditionally expensive problems without a large technology budget. Using open source and proprietary examples, you will be engaged in best practice design methodologies for building new sites, as well as appropriately scaling both growing and shrinking sites. Website development help has arrived in the form of Scalable Internet Architectures.

    R has traditionally been difficult for non-statisticians to learn, and most R books assume far too much knowledge to be of help. R for Everyone is the solution. Drawing on his unsurpassed experience teaching new users, professional data scientist Jared P. Lander has written the perfect tutorial for anyone new to statistical programming and modeling. Organized to make learning easy and intuitive, this guide focuses on the 20 percent of R functionality you'll need to accomplish 80 percent of modern data tasks. Lander's self-contained chapters start with the absolute basics, offering extensive hands-on practice and sample code. You'll download and install R; navigate and use the R environment; master basic program control, data import, and manipulation; and walk through several essential tests. Then, building on this foundation, you'll construct several complete models, both linear and nonlinear, and use some data mining techniques. By the time you're done, you won't just know how to write R programs, you'll be ready to tackle the statistical problems you care about most. COVERAGE INCLUDES - Exploring R, RStudio, and R packages - Using R for math: variable types, vectors, calling functions, and more - Exploiting data structures, including data.frames, matrices, and lists - Creating attractive, intuitive statistical graphics - Writing user-defined functions - Controlling program flow with if, ifelse, and complex checks - Improving program efficiency with group manipulations - Combining and reshaping multiple datasets - Manipulating strings using R's facilities and regular expressions - Creating normal, binomial, and Poisson probability distributions - Programming basic statistics: mean, standard deviation, and t-tests - Building linear, generalized linear, and nonlinear models - Assessing the quality of models and variable selection - Preventing overfitting, using the Elastic Net and Bayesian methods - Analyzing univariate and multivariate time series data - Grouping data via K-means and hierarchical clustering - Preparing reports, slideshows, and web pages with knitr - Building reusable R packages with devtools and Rcpp - Getting involved with the R global community

    The principal enhancement in Java 8 was the addition of functional programming constructs to Java's object-oriented roots. Java 7, 8, and 9 also introduced language features, such as the try-with-resources statement, the diamond operator for generic types, default and static methods in interfaces, the @SafeVarargs annotation, and modules. New library features include pervasive use of functional interfaces and streams, the java.time package for manipulating dates and times, and numerous minor enhancements such as convenience factory methods for collections. In this new edition of Effective Java, Bloch updates the work to take advantage of these new language and library features, and provides specific best practices for their use. Java's increased support for multiple paradigms increases the need for best-practices advice, and this book delivers. As in previous editions, each chapter consists of several "items," each presented in the form of a short, standalone essay that provides specific advice, insight into Java platform subtleties, and updated code examples. The comprehensive descriptions and explanations for each item illuminate what to do, what not to do, and why. Coverage includes:Updated techniques and best practices on classic topics, including objects, classes, methods, libraries, and generics How to avoid the traps and pitfalls of commonly misunderstood subtleties of the platform Focus on the language and its most fundamental libraries, such as java.lang and java.util

    He explains why invisible and unmanaged queues are the underlying root cause of poor product development performance. He shows why these queues form and how they undermine the speed, quality, and efficiency in product development.

    The result is a tremendous amount of time and money wasted due to wrong assumptions, lack of focus, poor communication of objectives, lack of understanding and misalignment with overall goals. There has to be a better way to deliver!This handbook is a practical guide to impact mapping, a simple yet incredibly effective method for collaborative strategic planning that helps organisations make an impact with software. Impact mapping helps to create better plans and roadmaps that ensure alignment of business and delivery, and are easily adaptable to change. Impact mapping fits nicely into several current trends in software product management and release planning, including goal-oriented requirements engineering, frequent iterative delivery, agile and lean software methods, lean startup product development cycles, and design thinking.Who is this book for?The primary audience of this book are senior people involved in building software products or delivering software projects, from both business and delivery sides. This includes business sponsors and those whose responsibilities include product ownership, project oversight or portfolio management, architecture, business analysis, quality improvement and assurance and delivery. - Business people assigned to software projects will learn how to communicate their ideas better.- Senior product or project sponsors will learn how to communicate their assumptions more effectively to delivery teams, how to engage delivery teams to make better strategic decisions, and how to manage their project portfolio more effectively.- Delivery teams that are already working under the umbrella of agile or lean delivery methods, and more recently lean startup ideas, will learn how to better focus deliverables and engage business sponsors and users.- Delivery teams moving to agile or lean delivery methods will get ideas on how to address some common issues with scaling these practices, such as creating a big picture view, splitting work into small chunks that still have business value and reporting progress more meaningfully.About the authorGojko Adzic is a strategic software delivery consultant who works with ambitious teams to improve the quality of their software products and processes. Gojko won the 2012 Jolt Award for the best book, was voted by peers as the most influential agile testing professional in 2011, and his blog won the UK Agile Award for the best online publication in 2010. To get in touch, write to gojko@neuri.co.uk or visit http://gojko.net.

    Multicore machines and 64-bit operating systems are now standard even for casual users, and Java itself has introduced new features to manage applications. The base JVM has kept pace with those developments and offers a very different performance profile in its current versions. By guiding you through this changing landscape, Java Performance: The Definitive Guide helps you gain the best performance from your Java applications.You’ll explore JVM features that traditionally affected performance—including the just-in-time compiler, garbage collection, and language features—before diving in to aspects of Java 7 and 8 designed for maximum performance in today's applications. You’ll learn features such as the G1 garbage collector to maximize your application’s throughput without causing it to pause, and the Java Flight Recorder, which enables you to see application performance details without the need for separate, specialized profiling tools.Whether you’re new to Java and need to understand the basics of tuning the JVM, or a seasoned developer looking to eek out that last 10% of application performance, this is the book you want.