You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

    This book draws on material Michael created for his renowned Object Mentor seminars, techniques Michael has used in mentoring to help hundreds of developers, technical managers, and testers bring their legacy systems under control. The topics covered include: Understanding the mechanics of software change, adding features, fixing bugs, improving design, optimizing performance Getting legacy code into a test harness Writing tests that protect you against introducing new problems Techniques that can be used with any language or platform, with examples in Java, C++, C, and C# Accurately identifying where code changes need to be made Coping with legacy systems that aren't object-oriented Handling applications that don't seem to have any structureThis book also includes a catalog of twenty-four dependency-breaking techniques that help you work with program elements in isolation and make safer changes.

    As traffic volume and data demands increase, these applications become more complicated and brittle, exposing risks and compromising availability. This practical guide shows IT, devops, and system reliability managers how to prevent an application from becoming slow, inconsistent, or downright unavailable as it grows.Scaling isn't just about handling more users; it's also about managing risk and ensuring availability. Author Lee Atchison provides basic techniques for building applications that can handle huge quantities of traffic, data, and demand without affecting the quality your customers expect.In five parts, this book explores:Availability: learn techniques for building highly available applications, and for tracking and improving availability going forwardRisk management: identify, mitigate, and manage risks in your application, test your recovery/disaster plans, and build out systems that contain fewer risksServices and microservices: understand the value of services for building complicated applications that need to operate at higher scaleScaling applications: assign services to specific teams, label the criticalness of each service, and devise failure scenarios and recovery plansCloud services: understand the structure of cloud-based services, resource allocation, and service distribution

    With this practical guide, Alex Banks and Eve Porcello deliver a clear learning path for frontend web developers, backend engineers, and project and product managers looking to get started with GraphQL.You'll explore graph theory, the graph data structure, and GraphQL types before learning hands-on how to build a schema for a photo-sharing application. This book also introduces you to Apollo Client, a popular framework you can use to connect GraphQL to your user interface.Explore graph theory and review popular graph examples in use todayLearn how GraphQL applies database querying methods to the internetCreate a schema for a PhotoShare application that serves as a roadmap and a contract between the frontend and backend teamsUse JavaScript to build a fully functioning GraphQL service and Apollo to implement a clientLearn how to prepare GraphQL APIs and clients for production

    The Lean Startup movement is very promising, but for many teams it ends up translating into an important question: ”Yeah, but what to build ?” “In ThoughtWorks, our response has been a process called an inception. We gather together a good sample of the people who will be affected by the product and have an intensive session to set an initial direction, using a series of exercises focusing on collaboration and the capture of broad goals. We don't attempt a detailed specification, as that is exactly the kind of thing that becomes out of date as soon as code hits production. But we do want to understand what kind of outcomes we are hoping for, the features that we think will drive these outcomes, and how to assess the effectiveness of our product. With The Lean Inception, Paulo has captured his experience in running these inceptions over the last decade. In particular it's focused on his work to boil the inception down to its essence, concentrating the activity on a single, if very intensive, week of work. Paulo shares how he makes this work, through writing a product vision, capturing personas, understanding the user journeys, and developing high-level features. The result isn't a detailed plan of work, which we find quickly rots into irrelevance. It is a guiding set of goals to set us off in the right direction. It doesn't plan out a final product, with all the features that our users will need, instead it focuses on an initial product that we can release and learn from - the Minimum Viable Product. “ – Martin Fowler, Chief Cientist at ThoughtWorks

    Today's increasingly fast pace of software development--as programmers make small changes to software one day only to undo them the next--has only heightened the problem; consecutive work on code or single-programmer software is a rare sight these days. Without careful attention to version control, concurrent and collaborative work can create more headaches than it solves. This is where Subversion comes into play.Written by members of the Subversion open source development team, Version Control with Subversion introduces the powerful new versioning tool designed to be the successor to the Concurrent Version System or CVS. CVS users will find the "look and feel" Subversion comfortably familiar, but under the surface it's far more flexible, robust, and usable, and more importantly, it improves on CVS's more notable flaws.The book begins with a general introduction to Subversion, the basic concepts behind version control, and a guided tour of Subversion's capabilities and structure. With thorough attention to detail, the authors cover every aspect of installing and configuring Subversion for managing a programming project, documentation, or any other team-based endeavor. Later chapters cover the more complex topics of branching, repository administration, and other advanced features such as properties, externals, and access control. The book ends with reference material and appendices covering a number of useful topics such as a Subversion complete reference and troubleshooting guide.Version Control with Subversion aims to be useful to readers of widely different backgrounds, from those with no previous experience in version control to experienced sysadmins. If you've never used version control, you'll find everything you need to get started in this book. And if you're a seasoned CVS pro, this book will help you make a painless leap into Subversion.

    For years, Joel Spolsky has done exactly this at www.joelonsoftware.com. Now, for the first time, you can own a collection of the most important essays from his site in one book, with exclusive commentary and new insights from joel.

    We'll cover resources, messages, cookies, and authentication protocols. We'll look at how HTTP clients can use persistent and parallel connections to improve performance,and see how the web scales to meet demand using cache headers andproxy servers. By the end of the book you will have the knowledge tobuild better web applications and web services.

    The principal enhancement in Java 8 was the addition of functional programming constructs to Java's object-oriented roots. Java 7, 8, and 9 also introduced language features, such as the try-with-resources statement, the diamond operator for generic types, default and static methods in interfaces, the @SafeVarargs annotation, and modules. New library features include pervasive use of functional interfaces and streams, the java.time package for manipulating dates and times, and numerous minor enhancements such as convenience factory methods for collections. In this new edition of Effective Java, Bloch updates the work to take advantage of these new language and library features, and provides specific best practices for their use. Java's increased support for multiple paradigms increases the need for best-practices advice, and this book delivers. As in previous editions, each chapter consists of several "items," each presented in the form of a short, standalone essay that provides specific advice, insight into Java platform subtleties, and updated code examples. The comprehensive descriptions and explanations for each item illuminate what to do, what not to do, and why. Coverage includes:Updated techniques and best practices on classic topics, including objects, classes, methods, libraries, and generics How to avoid the traps and pitfalls of commonly misunderstood subtleties of the platform Focus on the language and its most fundamental libraries, such as java.lang and java.util

    With this hands-on guide, you'll learn how to write effective, idiomatic Python code by leveraging its best and possibly most neglected features. Author Luciano Ramalho takes you through Python's core language features and libraries, and shows you how to make your code shorter, faster, and more readable at the same time.Many experienced programmers try to bend Python to fit patterns they learned from other languages, and never discover Python features outside of their experience. With this book, those Python programmers will thoroughly learn how to become proficient in Python 3.This book covers:Python data model: understand how special methods are the key to the consistent behavior of objectsData structures: take full advantage of built-in types, and understand the text vs bytes duality in the Unicode ageFunctions as objects: view Python functions as first-class objects, and understand how this affects popular design patternsObject-oriented idioms: build classes by learning about references, mutability, interfaces, operator overloading, and multiple inheritanceControl flow: leverage context managers, generators, coroutines, and concurrency with the concurrent.futures and asyncio packagesMetaprogramming: understand how properties, attribute descriptors, class decorators, and metaclasses work"

    You want to develop software in the most effective, efficient way possible. This book gives you the answers you’ve been looking for in friendly, clear language.We’ll cover, in depth, the core concepts of Clojure: immutable collections, concurrency, pure functions, and state management. You’ll finally get the complete picture you’ve been looking for, rather than dozens of puzzle pieces you must assemble yourself. First, we focus on Clojure thinking. You’ll discover the simple architecture of Clojure software, effective development processes, and how to structure applications. Next, we explore the core concepts of Clojure development. You’ll learn how to model with immutable data; write simple, pure functions for efficient transformation; build clean, concurrent designs; and structure your code for elegant composition. Finally, we move beyond pure application development and into the real world. You’ll understand your application’s configuration and dependencies, connect with other data sources, and get your libraries and applications out the door.Go beyond the toy box and into Clojure’s way of thinking. By the end of this book, you’ll have the tools and information to put Clojure’s strengths to work.https://pragprog.com/book/vmclojeco/c...

    Part tutorial and part reference, the book serves as a learning tool for building new JavaScript skills and a detailed reference for seasoned JavaScript developers. Danny Goodman's exclusive interactive workbench, The Evaluator, makes it easy to master JavaScript and DOM concepts. Offers deployment strategies that best suit the user's content goals and target audience.Bonus CD-ROM is packed with advanced content for the reader who wants to go an extra step.

    Did you design your system to survivef a sudden rush of visitors from Digg or Slashdot? Or an influx of real world customers from 100 different countries? Are you ready for a world filled with flakey networks, tangled databases, and impatient users?If you're a developer and don't want to be on call for 3AM for the rest of your life, this book will help.In Release It!, Michael T. Nygard shows you how to design and architect your application for the harsh realities it will face. You'll learn how to design your application for maximum uptime, performance, and return on investment.Mike explains that many problems with systems today start with the design.

    In this book, you'll learn how to become an entrepreneur, driving your career in the direction of your choosing. You'll learn how to build your software development career step by step, following the same path that you would follow if you were building, marketing, and selling a product. After all, your skills themselves are a product. The choices you make about which technologies to focus on and which business domains to master have at least as much impact on your success as your technical knowledge itself--don't let those choices be accidental. We'll walk through all aspects of the decision-making process, so you can ensure that you're investing your time and energy in the right areas. You'll develop a structured plan for keeping your mind engaged and your skills fresh. You'll learn how to assess your skills in terms of where they fit on the value chain, driving you away from commodity skills and toward those that are in high demand. Through a mix of high-level, thought-provoking essays and tactical "Act on It" sections, you will come away with concrete plans you can put into action immediately. You'll also get a chance to read the perspectives of several highly successful members of our industry from a variety of career paths. As with any product or service, if nobody knows what you're selling, nobody will buy. We'll walk through the often-neglected world of marketing, and you'll create a plan to market yourself both inside your company and to the industry in general. Above all, you'll see how you can set the direction of your career, leading to a more fulfilling and remarkable professional life.

    Multicore machines and 64-bit operating systems are now standard even for casual users, and Java itself has introduced new features to manage applications. The base JVM has kept pace with those developments and offers a very different performance profile in its current versions. By guiding you through this changing landscape, Java Performance: The Definitive Guide helps you gain the best performance from your Java applications.You’ll explore JVM features that traditionally affected performance—including the just-in-time compiler, garbage collection, and language features—before diving in to aspects of Java 7 and 8 designed for maximum performance in today's applications. You’ll learn features such as the G1 garbage collector to maximize your application’s throughput without causing it to pause, and the Java Flight Recorder, which enables you to see application performance details without the need for separate, specialized profiling tools.Whether you’re new to Java and need to understand the basics of tuning the JVM, or a seasoned developer looking to eek out that last 10% of application performance, this is the book you want.