You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

    Author Steve Souders, in his job as Chief Performance Yahoo!, collected these best practices while optimizing some of the most-visited pages on the Web. Even sites that had already been highly optimized, such as Yahoo! Search and the Yahoo! Front Page, were able to benefit from these surprisingly simple performance guidelines.The rules in High Performance Web Sites explain how you can optimize the performance of the Ajax, CSS, JavaScript, Flash, and images that you've already built into your site -- adjustments that are critical for any rich web application. Other sources of information pay a lot of attention to tuning web servers, databases, and hardware, but the bulk of display time is taken up on the browser side and by the communication between server and browser. High Performance Web Sites covers every aspect of that process.Each performance rule is supported by specific examples, and code snippets are available on the book's companion web site. The rules include how to: Make Fewer HTTP RequestsUse a Content Delivery NetworkAdd an Expires HeaderGzip ComponentsPut Stylesheets at the TopPut Scripts at the BottomAvoid CSS ExpressionsMake JavaScript and CSS ExternalReduce DNS LookupsMinify JavaScriptAvoid RedirectsRemove Duplicates ScriptsConfigure ETagsMake Ajax CacheableIf you're building pages for high traffic destinations and want to optimize the experience of users visiting your site, this book is indispensable.If everyone would implement just 20% of Steve's guidelines, the Web would be adramatically better place. Between this book and Steve's YSlow extension, there's reallyno excuse for having a sluggish web site anymore.-Joe Hewitt, Developer of Firebug debugger and Mozilla's DOM InspectorSteve Souders has done a fantastic job of distilling a massive, semi-arcane art down to a set of concise, actionable, pragmatic engineering steps that will change the world of web performance.-Eric Lawrence, Developer of the Fiddler Web Debugger, Microsoft Corporation

    This completely revised edition shows you how to master key JavaScript concepts such as functions, closures, objects, prototypes, and promises. It covers APIs such as the DOM, events, and timers. You’ll discover best practice techniques such as testing, and cross-browser development, all taught from the perspective of skilled JavaScript practitioners.

    Want to impress your coworkers and write the fastest, most efficient, stable code you ever have? Don't reinvent the wheel. Reuse decades of research into battle-tested, highly optimized, and proven techniques available on any Unix system.This book will teach you what you need to know so that you can write your own servers, debug your entire stack when things go awry, and understand how things are working under the hood.http://www.jstorimer.com/products/wor...

    This practical book takes experienced web developers through the new discipline of frontend architecture, including the latest tools, standards, and best practices that have elevated frontend web development to an entirely new level.Using real-world examples, case studies, and practical tips and tricks throughout, author Micah Godbolt introduces you to the four pillars of frontend architecture. He also provides compelling arguments for developers who want to embrace the mantle of frontend architect and fight to make it a first-class citizen in their next project.The four pillars include:Code: how to approach the HTML, CSS, and JavaScript of a design systemProcess: tools and processes for creating an efficient and error-proof workflowTesting: creating a stable foundation on which to build your siteDocumentation: tools for writing documentation while the work is in progress

    

    Get the most out of BDD in Ruby with The RSpec Book, written by the lead developer of RSpec, David Chelimsky. You'll get started right away with RSpec 2 and Cucumber by developing a simple game, using Cucumber to express high-level requirements in language your customer understands, and RSpec to express more granular requirements that focus on the behavior of individual objects in the system. You'll learn how to use test doubles (mocks and stubs) to control the environment and focus the RSpec examples on one object at a time, and how to customize RSpec to "speak" in the language of your domain. You'll develop Rails 3 applications and use companion tools such as Webrat and Selenium to express requirements for web applications both in memory and in the browser. And you'll learn to specify Rails views, controllers, and models, each in complete isolation from the other. Whether you're developing applications, frameworks, or the libraries that power them, The RSpec Book will help you write better code, better tests, and deliver better software to happier users.

    This hands-on guide introduces you to AngularJS, the open source JavaScript framework that uses Model–view–controller (MVC) architecture, data binding, client-side templates, and dependency injection to create a much-needed structure for building web apps.Guided by two engineers who worked on AngularJS at Google, you’ll walk through the framework’s key features, and then build a working AngularJS app—from layout to testing, compiling, and debugging. You’ll learn how AngularJS helps reduce the complexity of your web app.Dive deep into Angular’s building blocks and learn how they work togetherGain maximum flexibility by separating logic, data, and presentation responsibilities with MVCAssemble your full app in the browser, using client-side templatesUse AngularJS directives to extend HTML with declarative syntaxCommunicate with the server and implement simple caching with the $http serviceUse dependency injection to improve refactoring, testability, and multiple environment designGet code samples for common problems you face in most web apps

    It's all muscle and no fluff. Discover how the experts tackle Windows 7--and challenge yourself to new levels of mastery! Compare features and capabilities in each edition of Windows 7.Configure and customize your system with advanced setup options.Manage files, folders, and media libraries.Set up a wired or wireless network and manage shared resources.Administer accounts, passwords, and logons--and help control access to resources.Configure Internet Explorer 8 settings and security zones.Master security essentials to help protect against viruses, worms, and spyware.Troubleshoot errors and fine-tune performance.Automate routine maintenance with scripts and other tools. CD includes: Fully searchable eBookDownloadable gadgets and other tools for customizing Windows 7Insights direct from the product team on the official Windows 7 blogLinks to the latest security updates and products, demos, blogs, and user communities For customers who purchase an ebook version of this title, instructions for downloading the CD files can be found in the ebook.

    Although its remarkable capabilities have made Ruby on Rails one of the world’s most popular web development frameworks, it can be challenging to learn and use. Ruby on Rails™ 3 Tutorial is the solution. Leading Rails developer Michael Hartl teaches Rails 3 by guiding you through the development of your own complete sample application using the latest techniques in Rails web development.Drawing on his experience building RailsSpace, Insoshi, and other sophisticated Rails applications, Hartl illuminates all facets of design and implementation—including powerful new techniques that simplify and accelerate development.You’ll find integrated tutorials not only for Rails, but also for the essential Ruby, HTML, CSS, JavaScript, and SQL skills you’ll need when developing web applications. Hartl explains how each new technique solves a real-world problem, and he demonstrates this with bite-sized code that’s simple enough to understand, yet novel enough to be useful. Whatever your previous web development experience, this book will guide you to true Rails mastery.This book will help you Install and set up your Rails development environment Go beyond generated code to truly understand how to build Rails applications from scratch Learn Test Driven Development (TDD) with RSpec Effectively use the Model-View-Controller (MVC) pattern Structure applications using the REST architecture Build static pages and transform them into dynamic ones Master the Ruby programming skills all Rails developers need Define high-quality site layouts and data models Implement registration and authentication systems, including validation and secure passwords Update, display, and delete users Add social features and microblogging, including an introduction to Ajax Record version changes with Git and share code at GitHub Simplify application deployment with Heroku

    It offers on expressiveness and safety without compromising simplicity, seamless interoperability with existing Java code, and great tooling support. Because Kotlin generates regular Java bytecode and works together with existing Java libraries and frameworks, it can be used almost everywhere where Java is used today - for server-side development, Android apps, and much more.Kotlin in Action takes experienced Java developers from the language basics all the way through building applications to run on the JVM and Android devices. Written by core developers of Kotlin, this example-rich book begins by teaching you the basic syntax of the Kotlin language. Then you’ll learn how to use features that let you build reusable abstractions, higher-level functions, libraries, and even entire domain specific languages. Finally, you’ll focus on details of applying Kotlin in real-world projects, such as build system integration, Android support and concurrent programming.

    His walk through the syntax and semantics of JavaScript is both charming and hugely insightful; reminders of gotchas complement realistic use cases, paced at a comfortable curve. You'll find when you finish the book that you've gained a strong and comprehensive sense of mastery." --Paul Irish, developer advocate, Google Chrome "This is not a book for those looking for shortcuts; rather it is hard-won experience distilled into a guided tour. It's one of the few books on JS that I'll recommend without hesitation." --Alex Russell, TC39 member, software engineer, Google In order to truly master JavaScript, you need to learn how to work effectively with the language's flexible, expressive features and how to avoid its pitfalls. No matter how long you've been writing JavaScript code, Effective JavaScript will help deepen your understanding of this powerful language, so you can build more predictable, reliable, and maintainable programs. Author David Herman, with his years of experience on Ecma's JavaScript standardization committee, illuminates the language's inner workings as never before--helping you take full advantage of JavaScript's expressiveness. Reflecting the latest versions of the JavaScript standard, the book offers well-proven techniques and best practices you'll rely on for years to come. Effective JavaScript is organized around 68 proven approaches for writing better JavaScript, backed by concrete examples. You'll learn how to choose the right programming style for each project, manage unanticipated problems, and work more successfully with every facet of JavaScript programming from data structures to concurrency. Key features include Better ways to use prototype-based object-oriented programming Subtleties and solutions for working with arrays and dictionary objects Precise and practical explanations of JavaScript's functions and variable scoping semantics Useful JavaScript programming patterns and idioms, such as options objects and method chaining In-depth guidance on using JavaScript's unique "run-to-completion" approach to concurrency

    How do you present large volumes of information to people who need to find what they're looking for quickly? This classic primer shows information architects, designers, and web site developers how to build large-scale and maintainable web sites that are appealing and easy to navigate. The new edition is thoroughly updated to address emerging technologies -- with recent examples, new scenarios, and information on best practices -- while maintaining its focus on fundamentals. With topics that range from aesthetics to mechanics, Information Architecture for the World Wide Web explains how to create interfaces that users can understand right away. Inside, you'll find:* An overview of information architecture for both newcomers and experienced practitioners* The fundamental components of an architecture, illustrating the interconnected nature of these systems. Updated, with updates for tagging, folksonomies, social classification, and guided navigation* Tools, techniques, and methods that take you from research to strategy and design to implementation. This edition discusses blueprints, wireframes and the role of diagrams in the design phase* A series of short essays that provide practical tips and philosophical advice for those who work on information architecture* The business context of practicing and promoting information architecture, including recent lessons on how to handle enterprise architecture* Case studies on the evolution of two large and very different information architectures, illustrating best practices along the way* How do you document the rich interfaces of web applications? How do you design for multiple platforms and mobile devices? With emphasis on goals and approaches over tactics or technologies, this enormously popular book gives you knowledge about information architecture with a framework that allows you to learn new approaches -- and unlearn outmoded ones.

    The books also provides a companion web site that provides the toold and materials necessary to build the hardware and software.

    In this book, author Gojko Adzic distills interviews with successful teams worldwide, sharing how they specify, develop, and deliver software, without defects, in short iterative delivery cycles.About the Technology Specification by Example is a collaborative method for specifying requirements and tests. Seven patterns, fully explored in this book, are key to making the method effective. The method has four main benefits: it produces living, reliable documentation; it defines expectations clearly and makes validation efficient; it reduces rework; and, above all, it assures delivery teams and business stakeholders that the software that's built is right for its purpose.About the Book This book distills from the experience of leading teams worldwide effective ways to specify, test, and deliver software in short, iterative delivery cycles. Case studies in this book range from small web startups to large financial institutions, working in many processes including XP, Scrum, and Kanban.This book is written for developers, testers, analysts, and business people working together to build great software.Purchase of the print book comes with an offer of a free PDF, ePub, and Kindle eBook from Manning. Also available is all code from the book.What's InsideCommon process patterns How to avoid bad practices Fitting SBE in your process 50+ case studies For additional resources go to specificationbyexample.com.