The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger," Dafydd developed the popular Burp Suite of web application hack tools.

    When it comes to creating websites, the PHP scripting language is truly a red-hot property. In fact, PHP is currently used on more than 19 million websites, surpassing Microsoft's ASP .NET technology in popularity. Programmers love its flexibility and speed; designers love its accessibility and convenience. As the industry standard book on PHP, all of the essentials are covered in a clear and concise manner. Language syntax and programming techniques are coupled with numerous examples that illustrate both correct usage and common idioms. With style tips and practical programming advice, this book will help you become not just a PHP programmer, but a good PHP programmer. Programming PHP, Second Edition covers everything you need to know to create effective web applications with PHP. Contents include: Detailed information on the basics of the PHP language, including data types, variables, operators, and flow control statements Chapters outlining the basics of functions, strings, arrays, and objects Coverage of common PHP web application techniques, such as form processing and validation, session tracking, and cookies Material on interacting with relational databases, such as MySQL and Oracle, using the database-independent PEAR DB library and the new PDO Library Chapters that show you how to generate dynamic images, create PDF files, and parse XML files with PHP Advanced topics, such as creating secure scripts, error handling, performance tuning, and writing your own C language extensions to PHP A handy quick reference to all the core functions in PHP and all the standard extensions that ship with PHP Praise for the first edition: "If you are just getting into the dynamic Web development world or you are considering migrating from another dynamic web product to PHP, Programming PHP is the book of choice to get you up, running, and productive in a short time."--Peter MacIntrye, eWeek "I think this is a great book for programmers who want to start developing dynamic websites with PHP. It gives a detailed overview of PHP, lots of valuable tips, and a good sense of PHP's strengths."--David Dooling, Slashdot.org

    Combining tools, core principles, and plenty of humor, The Agile Samurai gives you the tools and the attitude to deliver something of value every week, and make rolling software into production a non-event. You’ll see how agile software delivery really works and how to help your team get agile fast, while having fun along the way.

    Rust's modern, flexible types ensure your program is free of null pointer dereferences, double frees, dangling pointers, and similar bugs, all at compile time, without runtime overhead. In multi-threaded code, Rust catches data races at compile time, making concurrency much easier to use.Written by two experienced systems programmers, this book explains how Rust manages to bridge the gap between performance and safety, and how you can take advantage of it. Topics include:How Rust represents values in memory (with diagrams)Complete explanations of ownership, moves, borrows, and lifetimesCargo, rustdoc, unit tests, and how to publish your code on crates.io, Rust's public package repositoryHigh-level features like generic code, closures, collections, and iterators that make Rust productive and flexibleConcurrency in Rust: threads, mutexes, channels, and atomics, all much safer to use than in C or C++Unsafe code, and how to preserve the integrity of ordinary code that uses itExtended examples illustrating how pieces of the language fit together

    And then we wonder why software is notorious for being delivered late and full of bugs, while other engineers routinely deliver finished bridges, automobiles, electrical appliances, etc., on time and with only minor defects. This book sets out to redress this imbalance. Members of my advanced development team at Adobe who took the course based on the same material all benefited greatly from the time invested. It may appear as a highly technical text intended only for computer scientists, but it should be required reading for all practicing software engineers." --Martin Newell, Adobe Fellow"The book contains some of the most beautiful code I have ever seen." --Bjarne Stroustrup, Designer of C++"I am happy to see the content of Alex's course, the development and teaching of which I strongly supported as the CTO of Silicon Graphics, now available to all programmers in this elegant little book." --Forest Baskett, General Partner, New Enterprise Associates"Paul's patience and architectural experience helped to organize Alex's mathematical approach into a tightly-structured edifice--an impressive feat!" --Robert W. Taylor, Founder of Xerox PARC CSL and DEC Systems Research Center Elements of Programming provides a different understanding of programming than is presented elsewhere. Its major premise is that practical programming, like other areas of science and engineering, must be based on a solid mathematical foundation. The book shows that algorithms implemented in a real programming language, such as C++, can operate in the most general mathematical setting. For example, the fast exponentiation algorithm is defined to work with any associative operation. Using abstract algorithms leads to efficient, reliable, secure, and economical software.This is not an easy book. Nor is it a compilation of tips and tricks for incremental improvements in your programming skills. The book's value is more fundamental and, ultimately, more critical for insight into programming. To benefit fully, you will need to work through it from beginning to end, reading the code, proving the lemmas, and doing the exercises. When finished, you will see how the application of the deductive method to your programs assures that your system's software components will work together and behave as they must.The book presents a number of algorithms and requirements for types on which they are defined. The code for these descriptions--also available on the Web--is written in a small subset of C++ meant to be accessible to any experienced programmer. This subset is defined in a special language appendix coauthored by Sean Parent and Bjarne Stroustrup.Whether you are a software developer, or any other professional for whom programming is an important activity, or a committed student, you will come to understand what the book's experienced authors have been teaching and demonstrating for years--that mathematics is good for programming, and that theory is good for practice.

    The principal enhancement in Java 8 was the addition of functional programming constructs to Java's object-oriented roots. Java 7, 8, and 9 also introduced language features, such as the try-with-resources statement, the diamond operator for generic types, default and static methods in interfaces, the @SafeVarargs annotation, and modules. New library features include pervasive use of functional interfaces and streams, the java.time package for manipulating dates and times, and numerous minor enhancements such as convenience factory methods for collections. In this new edition of Effective Java, Bloch updates the work to take advantage of these new language and library features, and provides specific best practices for their use. Java's increased support for multiple paradigms increases the need for best-practices advice, and this book delivers. As in previous editions, each chapter consists of several "items," each presented in the form of a short, standalone essay that provides specific advice, insight into Java platform subtleties, and updated code examples. The comprehensive descriptions and explanations for each item illuminate what to do, what not to do, and why. Coverage includes:Updated techniques and best practices on classic topics, including objects, classes, methods, libraries, and generics How to avoid the traps and pitfalls of commonly misunderstood subtleties of the platform Focus on the language and its most fundamental libraries, such as java.lang and java.util

    You'll learn how to:Read and write files efficiently Use signals, clocks, and timers Create processes and execute programs Write secure programs Write multithreaded programs using POSIX threads Build and use shared libraries Perform interprocess communication using pipes, message queues, shared memory, and semaphores Write network applications with the sockets API While The Linux Programming Interface covers a wealth of Linux-specific features, including epoll, inotify, and the /proc file system, its emphasis on UNIX standards (POSIX.1-2001/SUSv3 and POSIX.1-2008/SUSv4) makes it equally valuable to programmers working on other UNIX platforms.The Linux Programming Interface is the most comprehensive single-volume work on the Linux and UNIX programming interface, and a book that's destined to become a new classic.Praise for The Linux Programming Interface "If I had to choose a single book to sit next to my machine when writing software for Linux, this would be it." —Martin Landers, Software Engineer, Google "This book, with its detailed descriptions and examples, contains everything you need to understand the details and nuances of the low-level programming APIs in Linux . . . no matter what the level of reader, there will be something to be learnt from this book." —Mel Gorman, Author of Understanding the Linux Virtual Memory Manager "Michael Kerrisk has not only written a great book about Linux programming and how it relates to various standards, but has also taken care that bugs he noticed got fixed and the man pages were (greatly) improved. In all three ways, he has made Linux programming easier. The in-depth treatment of topics in The Linux Programming Interface . . . makes it a must-have reference for both new and experienced Linux programmers." —Andreas Jaeger, Program Manager, openSUSE, Novell "Michael's inexhaustible determination to get his information right, and to express it clearly and concisely, has resulted in a strong reference source for programmers. While this work is targeted at Linux programmers, it will be of value to any programmer working in the UNIX/POSIX ecosystem." —David Butenhof, Author of Programming with POSIX Threads and Contributor to the POSIX and UNIX Standards ". . . a very thorough—yet easy to read—explanation of UNIX system and network programming, with an emphasis on Linux systems. It's certainly a book I'd recommend to anybody wanting to get into UNIX programming (in general) or to experienced UNIX programmers wanting to know 'what's new' in the popular GNU/Linux system." —Fernando Gont, Network Security Researcher, IETF Participant, and RFC Author ". . . encyclopedic in the breadth and depth of its coverage, and textbook-like in its wealth of worked examples and exercises. Each topic is clearly and comprehensively covered, from theory to hands-on working code. Professionals, students, educators, this is the Linux/UNIX reference that you have been waiting for." —Anthony Robins, Associate Professor of Computer Science, The University of Otago "I've been very impressed by the precision, the quality and the level of detail Michael Kerrisk put in his book. He is a great expert of Linux system calls and lets us share his knowledge and understanding of the Linux APIs." —Christophe Blaess, Author of Programmation systeme en C sous Linux ". . . an essential resource for the serious or professional Linux and UNIX systems programmer. Michael Kerrisk covers the use of all the key APIs across both the Linux and UNIX system interfaces with clear descriptions and tutorial examples and stresses the importance and benefits of following standards such as the Single UNIX Specification and POSIX 1003.1." —Andrew Josey, Director, Standards, The Open Group, and Chair of the POSIX 1003.1 Working Group "What could be better than an encyclopedic reference to the Linux system, from the standpoint of the system programmer, written by none other than the maintainer of the man pages himself? The Linux Programming Interface is comprehensive and detailed. I firmly expect it to become an indispensable addition to my programming bookshelf." —Bill Gallmeister, Author of POSIX.4 Programmer's Guide: Programming for the Real World ". . . the most complete and up-to-date book about Linux and UNIX system programming. If you're new to Linux system programming, if you're a UNIX veteran focused on portability while interested in learning the Linux way, or if you're simply looking for an excellent reference about the Linux programming interface, then Michael Kerrisk's book is definitely the companion you want on your bookshelf." —Loic Domaigne, Chief Software Architect (Embedded), Corpuls.com

    This book draws on material Michael created for his renowned Object Mentor seminars, techniques Michael has used in mentoring to help hundreds of developers, technical managers, and testers bring their legacy systems under control. The topics covered include: Understanding the mechanics of software change, adding features, fixing bugs, improving design, optimizing performance Getting legacy code into a test harness Writing tests that protect you against introducing new problems Techniques that can be used with any language or platform, with examples in Java, C++, C, and C# Accurately identifying where code changes need to be made Coping with legacy systems that aren't object-oriented Handling applications that don't seem to have any structureThis book also includes a catalog of twenty-four dependency-breaking techniques that help you work with program elements in isolation and make safer changes.

    For years, Joel Spolsky has done exactly this at www.joelonsoftware.com. Now, for the first time, you can own a collection of the most important essays from his site in one book, with exclusive commentary and new insights from joel.

    The answers aren't easy -- just incredibly successful.

    It's not that there is a lack of information out there. You can find academic papers, engineering blogs, and even books on the subject. The problem is that the available information is spread out all over the place, and if you were to put it on a spectrum from theory to practice, you would find a lot of material at the two ends, but not much in the middle.That is why I decided to write a book to teach the fundamentals of distributed systems so that you don’t have to spend countless hours scratching your head to understand how everything fits together. This is the guide I wished existed when I first started out, and it's based on my experience building large distributed systems that scale to millions of requests per second and billions of devices.If you develop the back-end of web or mobile applications (or would like to!), this book is for you. When building distributed systems, you need to be familiar with the network stack, data consistency models, scalability and reliability patterns, and much more. Although you can build applications without knowing any of that, you will end up spending hours debugging and re-designing their architecture, learning lessons that you could have acquired in a much faster and less painful way.

    Although its remarkable capabilities have made Ruby on Rails one of the world’s most popular web development frameworks, it can be challenging to learn and use. Ruby on Rails™ 3 Tutorial is the solution. Leading Rails developer Michael Hartl teaches Rails 3 by guiding you through the development of your own complete sample application using the latest techniques in Rails web development.Drawing on his experience building RailsSpace, Insoshi, and other sophisticated Rails applications, Hartl illuminates all facets of design and implementation—including powerful new techniques that simplify and accelerate development.You’ll find integrated tutorials not only for Rails, but also for the essential Ruby, HTML, CSS, JavaScript, and SQL skills you’ll need when developing web applications. Hartl explains how each new technique solves a real-world problem, and he demonstrates this with bite-sized code that’s simple enough to understand, yet novel enough to be useful. Whatever your previous web development experience, this book will guide you to true Rails mastery.This book will help you Install and set up your Rails development environment Go beyond generated code to truly understand how to build Rails applications from scratch Learn Test Driven Development (TDD) with RSpec Effectively use the Model-View-Controller (MVC) pattern Structure applications using the REST architecture Build static pages and transform them into dynamic ones Master the Ruby programming skills all Rails developers need Define high-quality site layouts and data models Implement registration and authentication systems, including validation and secure passwords Update, display, and delete users Add social features and microblogging, including an introduction to Ajax Record version changes with Git and share code at GitHub Simplify application deployment with Heroku

    We'll cover resources, messages, cookies, and authentication protocols. We'll look at how HTTP clients can use persistent and parallel connections to improve performance,and see how the web scales to meet demand using cache headers andproxy servers. By the end of the book you will have the knowledge tobuild better web applications and web services.

    It’s easy and fun with this practical, hands-on introduction. Author Scott Murray teaches you the fundamental concepts and methods of D3, a JavaScript library that lets you express data visually in a web browser. Along the way, you’ll expand your web programming skills, using tools such as HTML and JavaScript.This step-by-step guide is ideal whether you’re a designer or visual artist with no programming experience, a reporter exploring the new frontier of data journalism, or anyone who wants to visualize and share data.Learn HTML, CSS, JavaScript, and SVG basicsDynamically generate web page elements from your data—and choose visual encoding rules to style themCreate bar charts, scatter plots, pie charts, stacked bar charts, and force-directed layoutsUse smooth, animated transitions to show changes in your dataIntroduce interactivity to help users explore data through different viewsCreate customized geographic maps with dataExplore hands-on with downloadable code and over 100 examples

    This book contains the fundamental laws of software development, the primary pieces of understanding that make the difference between a mid-level/junior programmer and the high-level senior software engineer. The book exists to help all programmers understand the process of writing software, on a very fundamental level that can be applied to any programming language or project, from here into eternity. Code Simplicity is also written in such a way that even non-technical managers of software teams can gain an understanding of what the “right way” and the “wrong way” is (and why they are right and wrong) when it comes to software design. The focus of the book is primarily on “software design,” the process of creating a plan for a software project and making technical decisions about the pattern and structure of a system.