With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilities or don't include any real world examples. This book is different.Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties. With over 30 examples, the book covers topics like:HTML InjectionCross site scripting (XSS)Cross site request forgery (CSRF)Open RedirectsRemote Code Execution (RCE)Application Logicand more...Each example includes a classification of the attack, a report link, the bounty paid, easy to understand description and key takeaways. After reading this book, your eyes will be opened to the wide array of vulnerabilities that exist and you'll likely never look at a website or API the same way.

    Unfortunately, developers are creating mountains of unmaintainable tests as a side effect. I've been fighting the maintenance battle pretty aggressively for years, and this book captures the what I believe is the most effective way to test.This book details my strong opinions on the best way to test, while acknowledging alternative styles and various contexts in which tests are written. Whether you prefer my style or not, this book will help you write better Unit and Functional Tests.

    Learn how to make a 5-cent wedding band, leather iPod case, and paracord bullwhip!

    While some fear is healthy (often viewed as a conscience that tells programmers to be careful!), the author believes that byproducts of fear include tentative, grumpy, and uncommunicative programmers who are unable to absorb constructive criticism. When programming teams buy into TDD, they immediately see positive results. They eliminate the fear involved in their jobs, and are better equipped to tackle the difficult challenges that face them. TDD eliminates tentative traits, it teaches programmers to communicate, and it encourages team members to seek out criticism However, even the author admits that grumpiness must be worked out individually! In short, the premise behind TDD is that code should be continually tested and refactored. Kent Beck teaches programmers by example, so they can painlessly and dramatically increase the quality of their work.

    By using the Framework you will learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud.

    I loved the tutorial-style game-like program development. This book rekindled my earliest joys of programming. Plus, JavaScript!" —Brendan Eich, creator of JavaScriptJavaScript is the language of the Web, and it's at the heart of every modern website from the lowliest personal blog to the mighty Google Apps. Though it's simple for beginners to pick up and play with, JavaScript is not a toy—it's a flexible and complex language, capable of much more than the showy tricks most programmers use it for.Eloquent JavaScript goes beyond the cut-and-paste scripts of the recipe books and teaches you to write code that's elegant and effective. You'll start with the basics of programming, and learn to use variables, control structures, functions, and data structures. Then you'll dive into the real JavaScript artistry: higher-order functions, closures, and object-oriented programming.Along the way you'll learn to:Master basic programming techniques and best practices Harness the power of functional and object-oriented programming Use regular expressions to quickly parse and manipulate strings Gracefully deal with errors and browser incompatibilities Handle browser events and alter the DOM structure Most importantly, Eloquent JavaScript will teach you to express yourself in code with precision and beauty. After all, great programming is an art, not a science—so why settle for a killer app when you can create a masterpiece?

    Test-driven development (TDD) is a modern software development practice that can dramatically reduce the number of defects in systems, produce more maintainable code, and give you the confidence to change your software to meet changing needs. But C++ programmers have been ignored by those promoting TDD--until now. In this book, Jeff Langr gives you hands-on lessons in the challenges and rewards of doing TDD in C++.Modern C++ Programming With Test-Driven Development, the only comprehensive treatment on TDD in C++ provides you with everything you need to know about TDD, and the challenges and benefits of implementing it in your C++ systems. Its many detailed code examples take you step-by-step from TDD basics to advanced concepts. As a veteran C++ programmer, you're already writing high-quality code, and you work hard to maintain code quality. It doesn't have to be that hard. In this book, you'll learn: how to use TDD to improve legacy C++ systems how to identify and deal with troublesome system dependencies how to do dependency injection, which is particularly tricky in C++ how to use testing tools for C++ that aid TDD new C++11 features that facilitate TDD As you grow in TDD mastery, you'll discover how to keep a massive C++ system from becoming a design mess over time, as well as particular C++ trouble spots to avoid. You'll find out how to prevent your tests from being a maintenance burden and how to think in TDD without giving up your hard-won C++ skills. Finally, you'll see how to grow and sustain TDD in your team. Whether you're a complete unit-testing novice or an experienced tester, this book will lead you to mastery of test-driven development in C++.What You Need A C++ compiler running under Windows or Linux, preferably one that supports C++11. Examples presented in the book were built under gcc 4.7.2. Google Mock 1.6 (downloadable for free; it contains Google Test as well) or an alternate C++ unit testing tool. Most examples in the book are written for Google Mock, but it isn't difficult to translate them to your tool of choice. A good programmer's editor or IDE. cmake, preferably. Of course, you can use your own preferred make too. CMakeLists.txt files are provided for each project. Examples provided were built using cmake version 2.8.9. Various freely-available third-party libraries are used as the basis for examples in the book. These include: - cURL - JsonCpp - Boost (filesystem, date_time/gregorian, algorithm, assign) Several examples use the boost headers/libraries. Only one example uses cURL and JsonCpp.

    

    Editorial Reviews - Perfect Software

    This groundbreaking new book sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. Through automation of the build, deployment, and testing process, and improved collaboration between developers, testers, and operations, delivery teams can get changes released in a matter of hours-- sometimes even minutes-no matter what the size of a project or the complexity of its code base. Jez Humble and David Farley begin by presenting the foundations of a rapid, reliable, low-risk delivery process. Next, they introduce the "deployment pipeline," an automated process for managing all changes, from check-in to release. Finally, they discuss the "ecosystem" needed to support continuous delivery, from infrastructure, data and configuration management to governance. The authors introduce state-of-the-art techniques, including automated infrastructure management and data migration, and the use of virtualization. For each, they review key issues, identify best practices, and demonstrate how to mitigate risks. Coverage includes - Automating all facets of building, integrating, testing, and deploying software - Implementing deployment pipelines at team and organizational levels - Improving collaboration between developers, testers, and operations - Developing features incrementally on large and distributed teams - Implementing an effective configuration management strategy - Automating acceptance testing, from analysis to implementation - Testing capacity and other non-functional requirements - Implementing continuous deployment and zero-downtime releases - Managing infrastructure, data, components and dependencies - Navigating risk management, compliance, and auditing Whether you're a developer, systems administrator, tester, or manager, this book will help your organization move from idea to release faster than ever--so you can deliver value to your business rapidly and reliably.

    This book draws on material Michael created for his renowned Object Mentor seminars, techniques Michael has used in mentoring to help hundreds of developers, technical managers, and testers bring their legacy systems under control. The topics covered include: Understanding the mechanics of software change, adding features, fixing bugs, improving design, optimizing performance Getting legacy code into a test harness Writing tests that protect you against introducing new problems Techniques that can be used with any language or platform, with examples in Java, C++, C, and C# Accurately identifying where code changes need to be made Coping with legacy systems that aren't object-oriented Handling applications that don't seem to have any structureThis book also includes a catalog of twenty-four dependency-breaking techniques that help you work with program elements in isolation and make safer changes.

    Others have the knack of unerringly zeroing in on the root cause of a bug. Are they geniuses? Just lucky? No, they've learned the secrets of professional debugging. This book will equip you with the tools, techniques and approaches-proven in the crucible of professional software development-to ensure that you can tackle any bug with confidence. You'll learn how to handle every stage of the bug life-cycle, from constructing software that makes debugging easy, through detection, reproduction, diagnosis and rolling out your eventual fix. If you develop software, sooner or later you're going to discover that it doesn't always behave as you intended. Working out why it's misbehaving can be hard. Sometimes very hard. Debug It! is here to help! All bugs are different: there is no silver bullet. You've got to rely upon your intellect, intuition, detective skills and yes, even a little luck. But that doesn't mean that you're completely on your own-there is much you can learn from those who have gone before. This book distills decades of hard-won experience gained in the trenches of professional software development, giving you a head-start and arming you with the tools you need to get to the bottom of the problem, whatever you're faced with. Whether you're writing Java or assembly language, targeting servers or embedded micro-controllers, using agile or traditional approaches, the same basic bug-fixing principles apply. From constructing software that is easy to debug (and incidentally less likely to contain bugs in the first place), through handling bug reports to rolling out your ultimate fix, we'll cover the entire life-cycle of a bug. You'll learn about the empirical approach, which leverages your software's unique ability to show you what's really happening, the importance of finding a reliable and convenient means of reproducing a bug, and common pitfalls so you can avoid them. You'll see how to use commonly available tools to automatically detect problems before they're reported by customers and how to construct "transparent software" that provides access to critical information and internal state.

    . . . Put this one on your must-have list if you have software, love software, hate programmers, or even ARE a programmer, because Mr. Platt (who teaches programming) has set out to puncture the bloated egos of all those who think that just because they can write a program, they can make it easy to use. . . . This book is funny, but it is also an important wake-up call for software companies that want to reduce the size of their customer support bills. If you were ever stuck for an answer to the question, 'Why do good programmers make such awful software?' this book holds the answer."--John McCormick, Locksmith columnist, TechRepublic.com "I must say first, I don't get many computing manuscripts that make me laugh out loud. Between the laughs, Dave Platt delivers some very interesting insight and perspective, all in a lucid and engaging style. I don't get much of that either!"--Henry Leitner, assistant dean for information technology andsenior lecturer on computer science, Harvard University "A riotous book for all of us downtrodden computer users, written in language that we understand."--Stacy Baratelli, author's barber "David's unique take on the problems that bedevil software creation made me think about the process in new ways. If you care about the quality of the software you create or use, read this book."--Dave Chappell, principal, Chappell & Associates "I began to read it in my office but stopped before I reached the bottom of the first page. I couldn't keep a grin off my face! I'll enjoy it after I go back home and find a safe place to read."--Tsukasa Makino, IT manager "David explains, in terms that my mother-in-law can understand, why the software we use today can be so frustrating, even dangerous at times, and gives us some real ideas on what we can do about it."--Jim Brosseau, Clarrus Consulting Group, Inc. A Book for Anyone Who Uses a Computer Today...and Just Wants to Scream! Today's software sucks. There's no other good way to say it. It's unsafe, allowing criminal programs to creep through the Internet wires into our very bedrooms. It's unreliable, crashing when we need it most, wiping out hours or days of work with no way to get it back. And it's hard to use, requiring large amounts of head-banging to figure out the simplest operations.It's no secret that software sucks. You know that from personal experience, whether you use computers for work or personal tasks. In this book, programming insider David Platt explains why that's the case and, more importantly, why it doesn't have to be that way. And he explains it in plain, jargon-free English that's a joy to read, using real-world examples with which you're already familiar. In the end, he suggests what you, as a typical user, without a technical background, can do about this sad state of our software--how you, as an informed consumer, don't have to take the abuse that bad software dishes out.As you might expect from the book's title, Dave's expose is laced with humor--sometimes outrageous, but always dead on. You'll laugh out loud as you recall incidents with your own software that made you cry. You'll slap your thigh with the same hand that so often pounded your computer desk and wished it was a bad programmer's face. But Dave hasn't written this book just for laughs. He's written it to give long-overdue voice to your own discovery--that software does, indeed, suck, but it shouldn't.

    In this hands-on guide, author Ethan Brown teaches you the fundamentals through the development of a fictional application that exposes a public website and a RESTful API. You'll also learn web architecture best practices to help you build single-page, multi-page, and hybrid web apps with Express.Express strikes a balance between a robust framework and no framework at all, allowing you a free hand in your architecture choices. With this book, frontend and backend engineers familiar with JavaScript will discover new ways of looking at web development.Create webpage templating system for rendering dynamic dataDive into request and response objects, middleware, and URL routingSimulate a production environment for testing and developmentFocus on persistence with document databases, particularly MongoDBMake your resources available to other programs with RESTful APIsBuild secure apps with authentication, authorization, and HTTPSIntegrate with social media, geolocation, and other third-party servicesImplement a plan for launching and maintaining your appLearn critical debugging skillsThis book covers Express 4.0.

    You'll start by learning how to set up your Node development environment, including loading the community-created extensions. Next, you'll run several simple demonstration programs where you'll learn the basics of a few common types of Node applications. Then you'll dive into asynchronous programming, a model Node leverages to lessen application bottlenecks.About this BookJavaScript on the server? You bet. Node.js is a JavaScript server capable of supporting scalable, high-performance web applications. Using asynchronous I/O, the server can do more than one thing at a time, a key requirement for real-time apps like chat, games, and live statistics. And since it's JavaScript, you use the same language end to end.Node.js in Action shows you how to build production-quality applications. Clear introductions of key concepts and example-by-example coverage take you from setup to deployment. You'll dive into asynchronous programming, data storage, and output templating, and interact with the filesystem to create non-HTTP applications like TCP/IP servers and command-line tools. Perfect for a web developer transitioning from Rails, Django, or PHP. Requires basic knowledge of JavaScript. No prior experience with Node.js needed.Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.What's InsideSet up Node and extensions Grok asynchronous programming and the event loop Examples including microblogging, IM, games, and moreAbout the AuthorsAs skilled practitioners, expert teachers and trainers, and contributors to the core framework, authors Mike Cantelon, Marc Harter, T.J. Holowaychuk, and Nathan Rajlich represent the best of the Node.js development community.Table of ContentsPART 1 NODE FUNDAMENTALS Welcome to Node.js Building a multiroom chat application Node programming fundamentals PART 2 WEB APPLICATION DEVELOPMENT WITH NODE Building Node web applications Storing Node application data Connect Connect's built-in middleware Express Advanced Express Testing Node applications Web application templating PART 3 GOING FURTHER WITH NODE Deploying Node applications and maintaining uptime Beyond web servers The Node ecosystem