Book picks similar to
Object Design Style Guide by Matthias Noback
programming
it
computer-science
tech
The Tangled Web: A Guide to Securing Modern Web Applications
Michal Zalewski - 2011
Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape. In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to: perform common but surprisingly complex tasks such as URL parsing and HTML sanitization; use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing; leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs; build mashups and embed gadgets without getting stung by the tricky frame navigation policy; embed or host user-supplied content without running into the trap of content sniffing. For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.
Writing An Interpreter In Go
Thorsten Ball - 2016
Monkey has been specifically designed for this book: it's a language that looks a lot like C, has first class functions, closures, strings, hashes and arrays and its only implementation is the one we build in the book. In contrast to text books on interpreters & compilers, the focus of this book is working code. Code is not just found in the appendix -- no, nearly every page contains a snippet! And not only that, but also tests. The code presented in the book is fully tested and the test suite is included. For more information, check out: http://interpreterbook.com/
The Soul of a New Machine
Tracy Kidder - 1981
Tracy Kidder got a preview of this world in the late 1970s when he observed the engineers of Data General design and build a new 32-bit minicomputer in just one year. His thoughtful, prescient book, The Soul of a New Machine, tells stories of 35-year-old "veteran" engineers hiring recent college graduates and encouraging them to work harder and faster on complex and difficult projects, exploiting the youngsters' ignorance of normal scheduling processes while engendering a new kind of work ethic. These days, we are used to the "total commitment" philosophy of managing technical creation, but Kidder was surprised and even a little alarmed at the obsessions and compulsions he found. From in-house political struggles to workers being permitted to tease management to marathon 24-hour work sessions, The Soul of a New Machine explores concepts that already seem familiar, even old-hat, less than 20 years later. Kidder plainly admires his subjects; while he admits to hopeless confusion about their work, he finds their dedication heroic. The reader wonders, though, what will become of it all, now and in the future. —Rob Lightner
Redis in Action
Josiah L. Carlson - 2013
You'll begin by getting Redis set up properly and then exploring the key-value model. Then, you'll dive into real use cases including simple caching, distributed ad targeting, and more. You'll learn how to scale Redis from small jobs to massive datasets. Experienced developers will appreciate chapters on clustering and internal scripting to make Redis easier to use. About the Technology: When you need near-real-time access to a fast-moving data stream, key-value stores like Redis are the way to go. Redis expands on the key-value pattern by accepting a wide variety of data types, including hashes, strings, lists, and other structures. It provides lightning-fast operations on in-memory datasets, and also makes it easy to persist to disk on the fly. Plus, it's free and open source. About this book: Redis in Action introduces Redis and the key-value model. You'll quickly dive into real use cases including simple caching, distributed ad targeting, and more. You'll learn how to scale Redis from small jobs to massive datasets and discover how to integrate with traditional RDBMS or other NoSQL stores. Experienced developers will appreciate the in-depth chapters on clustering and internal scripting. Written for developers familiar with database concepts. No prior exposure to NoSQL database concepts nor to Redis itself is required. Appropriate for systems administrators comfortable with programming. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. What's Inside: Redis from the ground up; Preprocessing real-time data; Managing in-memory datasets; Pub/sub and configuration; Persisting to disk. About the Author: Dr. Josiah L. Carlson is a seasoned database professional and an active contributor to the Redis community. Table of Contents: PART 1 GETTING STARTED: Getting to know Redis; Anatomy of a Redis web application. PART 2 CORE CONCEPTS: Commands in Redis; Keeping data safe and ensuring performance; Using Redis for application support; Application components in Redis; Search-based applications; Building a simple social network. PART 3 NEXT STEPS: Reducing memory use; Scaling Redis; Scripting Redis with Lua.
Understanding the Linux Kernel
Daniel P. Bovet - 2000
The kernel handles all interactions between the CPU and the external world, and determines which programs will share processor time, in what order. It manages limited memory so well that hundreds of processes can share the system efficiently, and expertly organizes data transfers so that the CPU isn't kept waiting any longer than necessary for the relatively slow disks. The third edition of Understanding the Linux Kernel takes you on a guided tour of the most significant data structures, algorithms, and programming tricks used in the kernel. Probing beyond superficial features, the authors offer valuable insights to people who want to know how things really work inside their machine. Important Intel-specific features are discussed. Relevant segments of code are dissected line by line. But the book covers more than just the functioning of the code; it explains the theoretical underpinnings of why Linux does things the way it does. This edition of the book covers Version 2.6, which has seen significant changes to nearly every kernel subsystem, particularly in the areas of memory management and block devices. The book focuses on the following topics: memory management, including file buffering, process swapping, and Direct Memory Access (DMA); the Virtual Filesystem layer and the Second and Third Extended Filesystems; process creation and scheduling; signals, interrupts, and the essential interfaces to device drivers; timing; synchronization within the kernel; Interprocess Communication (IPC); program execution. Understanding the Linux Kernel will acquaint you with all the inner workings of Linux, but it's more than just an academic exercise. You'll learn what conditions bring out Linux's best performance, and you'll see how it meets the challenge of providing good system response during process scheduling, file access, and memory management in a wide variety of environments. This book will help you make the most of your Linux system.
Python Programming for the Absolute Beginner
Michael Dawson - 2003
Developed by computer science instructors, books in the For the absolute beginner series teach the principles of programming through simple game creation. You will acquire the skills that you need for more practical Python programming applications and you will learn how these skills can be put to use in real-world scenarios. Best of all, by the time you finish this book you will be able to apply the basic principles you've learned to the next programming language you tackle. Features: Fun approach to a difficult topic; Readers will create games with Python as they learn the fundamentals of this programming language; The CD will include games that readers can cut and paste into their own Web site; The author provides challenges at the end of chapters to push readers to program on their own.
Writing Secure Code
Michael Howard - 2001
You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm's massive 2002 Windows Security Push. It's a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There's especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it's on to in-depth coverage of today's key security issues from the developer's standpoint. Everyone knows buffer overruns are bad: Here's a full chapter on avoiding them. You'll learn how to establish appropriate access controls and default to running with least privilege. There's detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You'll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We've just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won't just improve security -- it'll dramatically improve robustness and reliability, too. Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.
Beautiful Architecture: Leading Thinkers Reveal the Hidden Beauty in Software Design
Diomidis Spinellis - 2008
In each essay, contributors present a notable software architecture, and analyze what makes it innovative and ideal for its purpose. Some of the engineers in this book reveal how they developed a specific project, including decisions they faced and tradeoffs they made. Others take a step back to investigate how certain architectural aspects have influenced computing as a whole. With this book, you'll discover: How Facebook's architecture is the basis for a data-centric application ecosystem; The effect of Xen's well-designed architecture on the way operating systems evolve; How community processes within the KDE project help software architectures evolve from rough sketches to beautiful systems; How creeping featurism has helped GNU Emacs gain unanticipated functionality; The magic behind the Jikes RVM self-optimizable, self-hosting runtime; Design choices and building blocks that made Tandem the choice platform in high-availability environments for over two decades; Differences and similarities between object-oriented and functional architectural views; How architectures can affect the software's evolution and the developers' engagement. Go behind the scenes to learn what it takes to design elegant software architecture, and how it can shape the way you approach your own projects, with Beautiful Architecture.
JavaScript Allongé: A strong cup of functions, objects, combinators, and decorators
Reginald Braithwaite - 2012
JavaScript Allongé is for: -- Programmers learning JavaScript who want a thorough grounding in its fundamentals rather than a cursory treatment of its syntax. -- Programmers already using JavaScript who want to go back and take a deep dive into programming with functions and combinators. -- Any programmer curious about programming with functions. JavaScript Allongé's primary focus is functions as first-class values and topics built on those fundamentals such as objects, prototypes, "classes," combinators, method decorators, and fluent APIs.
Domain Modeling Made Functional: Tackle Software Complexity with Domain-Driven Design and F#
Scott Wlaschin - 2017
Domain-driven design (DDD) combined with functional programming is the innovative combo that will get you there. In this pragmatic, down-to-earth guide, you'll see how applying the core principles of functional programming can result in software designs that model real-world requirements both elegantly and concisely - often more so than an object-oriented approach. Practical examples in the open-source F# functional language, and examples from familiar business domains, show you how to apply these techniques to build software that is business-focused, flexible, and high quality. Domain-driven design is a well-established approach to designing software that ensures that domain experts and developers work together effectively to create high-quality software. This book is the first to combine DDD with techniques from statically typed functional programming. This book is perfect for newcomers to DDD or functional programming - all the techniques you need will be introduced and explained. Model a complex domain accurately using the F# type system, creating compilable code that is also readable documentation, ensuring that the code and design never get out of sync. Encode business rules in the design so that you have "compile-time unit tests," and eliminate many potential bugs by making illegal states unrepresentable. Assemble a series of small, testable functions into a complete use case, and compose these individual scenarios into a large-scale design. Discover why the combination of functional programming and DDD leads naturally to service-oriented and hexagonal architectures. Finally, create a functional domain model that works with traditional databases, NoSQL, and event stores, and safely expose your domain via a website or API. Solve real problems by focusing on real-world requirements for your software. What You Need: The code in this book is designed to be run interactively on Windows, Mac and Linux. You will need a recent version of F# (4.0 or greater), and the appropriate .NET runtime for your platform. Full installation instructions for all platforms at fsharp.org.