Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs Build mashups and embed gadgets without getting stung by the tricky frame navigation policy Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

    We are living in an age where data comes in abundance, and thanks to the self-learning algorithms from the field of machine learning, we can turn this data into knowledge. Automated speech recognition on our smart phones, web search engines, e-mail spam filters, the recommendation systems of our favorite movie streaming services – machine learning makes it all possible.Thanks to the many powerful open-source libraries that have been developed in recent years, machine learning is now right at our fingertips. Python provides the perfect environment to build machine learning systems productively.This book will teach you the fundamentals of machine learning and how to utilize these in real-world applications using Python. Step-by-step, you will expand your skill set with the best practices for transforming raw data into useful information, developing learning algorithms efficiently, and evaluating results.You will discover the different problem categories that machine learning can solve and explore how to classify objects, predict continuous outcomes with regression analysis, and find hidden structures in data via clustering. You will build your own machine learning system for sentiment analysis and finally, learn how to embed your model into a web app to share with the world

    Windows Presentation Foundation (WPF) is the recommended technology for creating Windows user interfaces, giving you the power to create richer and more compelling applications than you dreamed possible. Whether you want to develop traditional user interfaces or integrate 3D graphics, audio/video, animation, dynamic skinning, multi-touch, rich document support, speech recognition, or more, WPF enables you to do so in a seamless, resolution-independent manner. WPF 4 Unleashed is the authoritative book that covers it all, in a practical and approachable fashion, authored by WPF guru and Microsoft developer Adam Nathan. Covers everything you need to know about Extensible Application Markup Language (XAML) Examines the WPF feature areas in incredible depth: controls, layout, resources, data binding, styling, graphics, animation, and more Highlights the latest features, such as multi-touch, text rendering improvements, XAML language enhancements, new controls, the Visual State Manager, easing functions, and much more Delves into topics that aren't covered by most books: 3D, speech, audio/video, documents, effects Shows how to create popular UI elements, such as Galleries, ScreenTips, and more Demonstrates how to create sophisticated UI mechanisms, such as Visual Studio-like collapsible/dockable panes Explains how to create first-class custom controls for WPF Demonstrates how to create hybrid WPF software that leverages Windows Forms, DirectX, ActiveX, or other non-WPF technologies Explains how to exploit new Windows 7 features, such as Jump Lists and taskbar customizations

    Though it may not seem this way for those who have been in the field for most of their careers, in the overall scheme of professions, software builders are relative "newbies." In the short history of the software field, a lot of facts have been identified, and a lot of fallacies promulgated. Those facts and fallacies are what this book is about. There's a problem with those facts-and, as you might imagine, those fallacies. Many of these fundamentally important facts are learned by a software engineer, but over the short lifespan of the software field, all too many of them have been forgotten. While reading Facts and Fallacies of Software Engineering , you may experience moments of "Oh, yes, I had forgotten that," alongside some "Is that really true?" thoughts. The author of this book doesn't shy away from controversy. In fact, each of the facts and fallacies is accompanied by a discussion of whatever controversy envelops it. You may find yourself agreeing with a lot of the facts and fallacies, yet emotionally disturbed by a few of them! Whether you agree or disagree, you will learn why the author has been called "the premier curmudgeon of software practice." These facts and fallacies are fundamental to the software building field-forget or neglect them at your peril!

    It discusses architectural design and implementation approaches using .NET Core and Docker containers. To make it easier to get started with containers and microservices, the guide focuses on a reference containerized and microservice-based application that you can explore. The sample application is available at the eShopOnContainers GitHub repo.

    This Fourth Edition not only keeps this tradition alive, it actually improves on it."--Steve Vinoski, Chief Engineer, Product Innovation, IONA Technologies" The Primer really brings this large and complex language down to size."--Justin Shaw, Senior Member of Technical Staff, Electronic Programs Division, The Aerospace Corporation"It not only gets novices up and running early, but gets them to do so using good programming practices."--Nevin ": -)" Liber, Senior Principal Engineer (C++ developer since 1988)This popular tutorial introduction to standard C++ has been completely updated, reorganized, and rewritten to help programmers learn the language faster and use it in a more modern, effective way.Just as C++ has evolved since the last edition, so has the authors' approach to teaching it. They now introduce the C++ standard library from the beginning, giving readers the means to write useful programs without first having to master every language detail. Highlighting today's best practices, they show how to write programs that are safe, can be built quickly, and yet offer outstanding performance. Examples that take advantage of the library, and explain the features of C++, also show how to make the best use of the language. As in its previous editions, the book's authoritative discussion of fundamental C++ concepts and techniques makes it a valuable resource even for more experienced programmers.Program Faster and More Effectively with This Rewritten ClassicRestructured for quicker learning, using the C++ standard libraryUpdated to teach the most current programming styles and program design techniquesFilled with new learning aids that emphasize important points, warn about common pitfalls, suggest good programming practices, and provide general usage tipsComplete with exercises that reinforce skills learnedAuthoritative and comprehensive in its coverage The source code for the book's extended examples is available on the Web at the address below.www.awprofessional.com/cpp_primer

    How do you present large volumes of information to people who need to find what they're looking for quickly? This classic primer shows information architects, designers, and web site developers how to build large-scale and maintainable web sites that are appealing and easy to navigate. The new edition is thoroughly updated to address emerging technologies -- with recent examples, new scenarios, and information on best practices -- while maintaining its focus on fundamentals. With topics that range from aesthetics to mechanics, Information Architecture for the World Wide Web explains how to create interfaces that users can understand right away. Inside, you'll find:* An overview of information architecture for both newcomers and experienced practitioners* The fundamental components of an architecture, illustrating the interconnected nature of these systems. Updated, with updates for tagging, folksonomies, social classification, and guided navigation* Tools, techniques, and methods that take you from research to strategy and design to implementation. This edition discusses blueprints, wireframes and the role of diagrams in the design phase* A series of short essays that provide practical tips and philosophical advice for those who work on information architecture* The business context of practicing and promoting information architecture, including recent lessons on how to handle enterprise architecture* Case studies on the evolution of two large and very different information architectures, illustrating best practices along the way* How do you document the rich interfaces of web applications? How do you design for multiple platforms and mobile devices? With emphasis on goals and approaches over tactics or technologies, this enormously popular book gives you knowledge about information architecture with a framework that allows you to learn new approaches -- and unlearn outmoded ones.

    Plenty of books describe what agile development is or why it helps software projects succeed, but very few combine information for developers, managers, testers, and customers into a single package that they can apply directly. This book provides no-nonsense advice on agile planning, development, delivery, and management taken from the authors' many years of experience with Extreme Programming (XP). You get a gestalt view of the agile development process, including comprehensive guidance for non-technical readers and hands-on technical practices for developers and testers. The Art of Agile Development gives you clear answers to questions such as:How can we adopt agile development? Do we really need to pair program? What metrics should we report? What if I can't get my customer to participate? How much documentation should we write? When do we design and architect? As a non-developer, how should I work with my agile team? Where is my product roadmap? How does QA fit in? The book teaches you how to adopt XP practices, describes each practice in detail, then discusses principles that will allow you to modify XP and create your own agile method. In particular, this book tackles the difficult aspects of agile development: the need for cooperation and trust among team members. Whether you're currently part of an agile team, working with an agile team, or interested in agile development, this book provides the practical tips you need to start practicing agile development. As your experience grows, the book will grow with you, providing exercises and information that will teach you first to understand the rules of agile development, break them, and ultimately abandon rules altogether as you master the art of agile development. "Jim Shore and Shane Warden expertly explain the practices and benefits of Extreme Programming. They offer advice from their real-world experiences in leading teams. They answer questions about the practices and show contraindications - ways that a practice may be mis-applied. They offer alternatives you can try if there are impediments to applying a practice, such as the lack of an on-site customer. --Ken Pugh, Author of Jolt Award Winner, Prefactoring "I will leave a copy of this book with every team I visit." --Brian Marick, Exampler Consulting

    Restructured into six parts, this new edition covers a wide spectrum of software processes from initial requirements solicitation through design and development.

    Unfortunately, developers are creating mountains of unmaintainable tests as a side effect. I've been fighting the maintenance battle pretty aggressively for years, and this book captures the what I believe is the most effective way to test.This book details my strong opinions on the best way to test, while acknowledging alternative styles and various contexts in which tests are written. Whether you prefer my style or not, this book will help you write better Unit and Functional Tests.

    You'll find the latest methodologies for the design of effective test cases, including information on psychological and economic principles, managerial aspects, test tools, high-order testing, code inspections, and debugging. Accessible, comprehensive, and always practical, this edition provides the key information you need to test successfully, whether a novice or a working programmer. Buy your copy today and end up with fewer bugs tomorrow.

    Written in a frank but engaging style, Debuggingprovides simple, foolproof principles guaranteed to help find any bug quickly. This book makes those shelves of application-specific debugging books (on C++, Perl, Java, etc.) obsolete. It changes the way readers think about debugging, making those pesky problems suddenly much easier to find and fix. Illustrating the rules with real-life bug-detection war stories, the book shows readers how to: * Understand the system: how perceiving the ""roadmap"" can hasten your journey * Quit thinking and look: when hands-on investigation can’t be avoided * Isolate critical factors: why changing one element at a time can be an essential tool * Keep an audit trail: how keeping a record of the debugging process can win the day

    The book is broken into two parts, the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product. * The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products * Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware * Offers a primer on advanced reverse-engineering, delving into disassembly-code-level reverse engineering-and explaining how to decipher assembly language

    You can think of this problem as a variant of the well known "telephone game", where some trivial rumor is repeated from one person to the next until it has become distorted beyond recognition and blown up out of all proportion.Unfortunately, the objects of this telephone game are generally considered cornerstone truths of the discipline, to the point that their acceptance now seems to hinder further progress.In this short ebook, we will take a look at some of those "ground truths": the claimed 10x variation in productivity between developers; the "software crisis"; the cost-of-change curve; the "cone of uncertainty"; and more. We'll hone our scholarship skills by looking up the original source for these ideas and taking a deep dive in the history of their development. We'll assess the real weight of the evidence behind these ideas.And we'll confront the scary prospect of moving the state of the art forward in a discipline that has had the ground kicked from under it.

    If you're an experienced developer looking to solve problems related to objects, functions, inheritance, and other language-specific categories, the abstractions and code templates in this guide are ideal -- whether you're writing a client-side, server-side, or desktop application with JavaScript.Written by JavaScript expert Stoyan Stefanov -- Senior Yahoo! Technical and architect of YSlow 2.0, the web page performance optimization tool -- JavaScript Patterns includes practical advice for implementing each pattern discussed, along with several hands-on examples. You'll also learn about anti-patterns: common programming approaches that cause more problems than they solve.Explore useful habits for writing high-quality JavaScript code, such as avoiding globals, using single var declarations, and moreLearn why literal notation patterns are simpler alternatives to constructor functionsDiscover different ways to define a function in JavaScriptCreate objects that go beyond the basic patterns of using object literals and constructor functionsLearn the options available for code reuse and inheritance in JavaScriptStudy sample JavaScript approaches to common design patterns such as Singleton, Factory, Decorator, and moreExamine patterns that apply specifically to the client-side browser environment