Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs Build mashups and embed gadgets without getting stung by the tricky frame navigation policy Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

    It is also a practical, modern introduction to scientific computing in Python, tailored for data-intensive applications. This is a book about the parts of the Python language and libraries you'll need to effectively solve a broad set of data analysis problems. This book is not an exposition on analytical methods using Python as the implementation language.Written by Wes McKinney, the main author of the pandas library, this hands-on book is packed with practical cases studies. It's ideal for analysts new to Python and for Python programmers new to scientific computing.Use the IPython interactive shell as your primary development environmentLearn basic and advanced NumPy (Numerical Python) featuresGet started with data analysis tools in the pandas libraryUse high-performance tools to load, clean, transform, merge, and reshape dataCreate scatter plots and static or interactive visualizations with matplotlibApply the pandas groupby facility to slice, dice, and summarize datasetsMeasure data by points in time, whether it's specific instances, fixed periods, or intervalsLearn how to solve problems in web analytics, social sciences, finance, and economics, through detailed examples

    After a year of self-study, I learned to program well enough to land a job as a software engineer II at eBay. Once I got there, I realized I was severely under-prepared. I was overwhelmed by the amount of things I needed to know but hadn't learned yet. My journey learning to program, and my experience at my first job as a software engineer were the inspiration for this book. This book is not just about learning to program; although you will learn to code. If you want to program professionally, it is not enough to learn to code; that is why, in addition to helping you learn to program, I also cover the rest of the things you need to know to program professionally that classes and books don't teach you. "The Self-taught Programmer" is a roadmap, a guide to take you from writing your first Python program, to passing your first technical interview. I divided the book into five sections: 1. Start to program in Python 3 and build your first program.2. Learn Object-oriented programming and create a powerful Python program to get you hooked.3. Learn to use tools like Git, Bash, and regular expressions. Then use your new coding skills to build a web scraper.4. Study Computer Science fundamentals like data structures and algorithms.5. Finish with best coding practices, tips for working with a team, and advice on landing a programming job.You CAN learn to program professionally. The path is there. Will you take it?

    Erlang is gaining widespread adoption with the advent of multi-core processors and their new scalable approach to concurrency. With this guide you'll learn how to write complex concurrent programs in Erlang, regardless of your programming background or experience. Written by leaders of the international Erlang community -- and based on their training material -- Erlang Programming focuses on the language's syntax and semantics, and explains pattern matching, proper lists, recursion, debugging, networking, and concurrency. This book helps you:Understand the strengths of Erlang and why its designers included specific features Learn the concepts behind concurrency and Erlang's way of handling it Write efficient Erlang programs while keeping code neat and readable Discover how Erlang fills the requirements for distributed systems Add simple graphical user interfaces with little effort Learn Erlang's tracing mechanisms for debugging concurrent and distributed systems Use the built-in Mnesia database and other table storage features Erlang Programming provides exercises at the end of each chapter and simple examples throughout the book.

    In this unique collection, you'll learn about the processes that led to specific design decisions, including the goals they had in mind, the trade-offs they had to make, and how their experiences have left an impact on programming today. Masterminds of Programming includes individual interviews with:Adin D. Falkoff: APL Thomas E. Kurtz: BASIC Charles H. Moore: FORTH Robin Milner: ML Donald D. Chamberlin: SQL Alfred Aho, Peter Weinberger, and Brian Kernighan: AWK Charles Geschke and John Warnock: PostScript Bjarne Stroustrup: C++ Bertrand Meyer: Eiffel Brad Cox and Tom Love: Objective-C Larry Wall: Perl Simon Peyton Jones, Paul Hudak, Philip Wadler, and John Hughes: Haskell Guido van Rossum: Python Luiz Henrique de Figueiredo and Roberto Ierusalimschy: Lua James Gosling: Java Grady Booch, Ivar Jacobson, and James Rumbaugh: UML Anders Hejlsberg: Delphi inventor and lead developer of C# If you're interested in the people whose vision and hard work helped shape the computer industry, you'll find Masterminds of Programming fascinating.

    Fortunately, there s a solution: Erik T. Ray s Learning XML, Second Edition. This book presents an outstanding birds-eye view of the XML landscape. It s definitely not a programming book (though it does introduce some key XML programming issues). Rather, it s focused on key ideas you need to understand whatever you want to do with XML. That could be document management, web or print content delivery, application integration, B2B commerce, data storage, internationalization -- you name it.Ray s day job is software developer and XML specialist at O Reilly. There, he s helped to implement a complete publishing solution, using DocBook-XML and Perl to produce books in print, on CD-ROM, and for online delivery. So he understands XML from the real-world point of view of someone with a job to do. His first goal is to take on the big questions. First, What is XML? Ray attacks this question from multiple angles, introducing XML as a general-purpose information storage system, a markup language toolkit, and an open standard (or, increasingly, a collection of standards). What can (and can t) you do with XML? What s the history that led us here? And what tools do you need to get started? Next, he introduces the basic building blocks of XML markup and all XML-derived languages: stuff you ll need to know regardless of your goals. Through easy examples, you ll understand elements, attributes, entities, and processing instructions -- and how they fit together in a well-formed XML document. Then, it s on to representing information with XML -- in other words, understanding the nature and planning the structure of the documents you ll be using. Ray starts simply, then builds on his basic examples to discuss narrative documents with text flows, block and inline elements, and titled sections. Once you can handle those, he discusses more complex information modeling, as used in specialized markup languages such as VML. This edition contains an entirely new chapter on XML Schemas -- what he calls the shepherds that keep documents from straying outside of the herd and causing trouble. Schemas, of course, have become hugely important. This is one of the best plain-English introductions to the topic we ve seen. Ray then turns to presentation, introducing CSS stylesheets, basic usage, rule matching, properties, and more. A little later on, he returns to the subject -- this time with a complete introduction to XSL-FO that illuminates two powerful examples. The first is TEI-XML, a markup language for scholarly documents (Ray presents a Shakespearean sonnet, appropriately coded). The second is the immensely powerful DocBook -- which, as we ve observed, Ray knows inside and out. Learning XML is superbly written. Clear explanations. Simple examples. Great metaphors and analogies. And excellent introductions to nearly every topic that matters, from links to presentation, transformation to internationalization. If you re just starting out with XML, you re lucky to have it. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition.

    These topics lie at the heart of many exciting areas of contemporary science and engineering - communication, signal processing, data mining, machine learning, pattern recognition, computational neuroscience, bioinformatics, and cryptography. This textbook introduces theory in tandem with applications. Information theory is taught alongside practical communication systems, such as arithmetic coding for data compression and sparse-graph codes for error-correction. A toolbox of inference techniques, including message-passing algorithms, Monte Carlo methods, and variational approximations, are developed alongside applications of these tools to clustering, convolutional codes, independent component analysis, and neural networks. The final part of the book describes the state of the art in error-correcting codes, including low-density parity-check codes, turbo codes, and digital fountain codes -- the twenty-first century standards for satellite communications, disk drives, and data broadcast. Richly illustrated, filled with worked examples and over 400 exercises, some with detailed solutions, David MacKay's groundbreaking book is ideal for self-learning and for undergraduate or graduate courses. Interludes on crosswords, evolution, and sex provide entertainment along the way. In sum, this is a textbook on information, communication, and coding for a new generation of students, and an unparalleled entry point into these subjects for professionals in areas as diverse as computational biology, financial engineering, and machine learning.

    You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

     This new edition has an earlier evolution of object concepts, developed in a way that capitalizes on the power of objects without overwhelming beginning programmers. It includes all new Java 5 topics, including Scanner class, enumerated types, autoboxing, variable length parameter lists, the enhanced for loop, and generic types. This is in depth coverage on GUI applications. This book is appropriate for beginning programmers who want to learn to program with Java as well as experienced programmers who want to add Java to their skill-set.

    You'll also receive updates when significant changes are made, as well as the final ebook version. Embedded Android is for Developers wanting to create embedded systems based on Android and for those wanting to port Android to new hardware, or creating a custom development environment. Hackers and moders will also find this an indispensible guide to how Android works.

    You d be up to your neck in normal forms before you even had a chance to wade. When Michael J. Hernandez needed a database design book to teach mere mortals like himself, there were none. So he began a personal quest to learn enough to write one. And he did.Now in its Second Edition, Database Design for Mere Mortals is a miracle for today s generation of database users who don t have the background -- or the time -- to learn database design the hard way. It s also a secret pleasure for working pros who are occasionally still trying to figure out what they were taught.Drawing on 13 years of database teaching experience, Hernandez has organized database design into several key principles that are surprisingly easy to understand and remember. He illuminates those principles using examples that are generic enough to help you with virtually any application.Hernandez s goals are simple. You ll learn how to create a sound database structure as easily as possible. You ll learn how to optimize your structure for efficiency and data integrity. You ll learn how to avoid problems like missing, incorrect, mismatched, or inaccurate data. You ll learn how to relate tables together to make it possible to get whatever answers you need in the future -- even if you haven t thought of the questions yet.If -- as is often the case -- you already have a database, Hernandez explains how to analyze it -- and leverage it. You ll learn how to identify new information requirements, determine new business rules that need to be applied, and apply them.Hernandez starts with an introduction to databases, relational databases, and the idea and objectives of database design. Next, you ll walk through the key elements of the database design process: establishing table structures and relationships, assigning primary keys, setting field specifications, and setting up views. Hernandez s extensive coverage of data integrity includes a full chapter on establishing business rules and using validation tables.Hernandez surveys bad design techniques in a chapter on what not to do -- and finally, helps you identify those rare instances when it makes sense to bend or even break the conventional rules of database design.There s plenty that s new in this edition. Hernandez has gone over his text and illustrations with a fine-tooth comb to improve their already impressive clarity. You ll find updates to reflect new advances in technology, including web database applications. There are expanded and improved discussions of nulls and many-to-many relationships; multivalued fields; primary keys; and SQL data type fields. There s a new Quick Reference database design flowchart. A new glossary. New review questions at the end of every chapter.Finally, it s worth mentioning what this book isn t. It isn t a guide to any specific database platform -- so you can use it whether you re running Access, SQL Server, or Oracle, MySQL or PostgreSQL. And it isn t an SQL guide. (If that s what you need, Michael J. Hernandez has also coauthored the superb SQL Queries for Mere Mortals). But if database design is what you need to learn, this book s worth its weight in gold. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition.

    It won’t crush you. It’s light as a feather (because I haven’t finished it yet—hehe). And there’s a reason this book will stay light: because Ruby is simple to learn.[Why’s (Poignant) Guide to Ruby is released under the Attribution-ShareAlike License. So, yes, please distribute it and print it and read it leisurely in your housecoat.]

    With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilities or don't include any real world examples. This book is different.Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties. With over 30 examples, the book covers topics like:HTML InjectionCross site scripting (XSS)Cross site request forgery (CSRF)Open RedirectsRemote Code Execution (RCE)Application Logicand more...Each example includes a classification of the attack, a report link, the bounty paid, easy to understand description and key takeaways. After reading this book, your eyes will be opened to the wide array of vulnerabilities that exist and you'll likely never look at a website or API the same way.

    Daniel Liang teaches concepts of problem-solving and object-oriented programming using a fundamentals-first approach. Beginning programmers learn critical problem-solving techniques then move on to grasp the key concepts of object-oriented and GUI programming using Java 5. Students start with the essential problem-solving and programming concepts (control statements, methods, and arrays), are then introduced to object-oriented programming, graphical user interface (GUI), and applets, and finally to exception handling, I/O, data structures, and other advanced subjects. Liang uses small, simple, and stimulating examples to demonstrate concepts and techniques while longer examples are presented in case studies with overall discussions and thorough line-by-line explanations. Students can now write short, interesting, graphical game programs starting from Chapter 2! reinforcing key concepts with objectives lists, introduction and chapter overviews, easy to follow examples, chapter summaries, review questions, programming exercises, interactive self-test. Students receive solutions to even-numbered programming exercises, source code for the examples in the book, online self assessment (w/over 1000 multiple-choice questions) and ONLINE homework through GRADIANCE, the industries most advanced online homework application. Instructors are offered the most extensive library of support materials available including interactive and animated slides, TestGen (w/over 2000 multiple-choice questions), solutions to all programming exercises, sample exams and supplemental exercises. Available in two versions, the Fundamentals First edition (chapters 1-19) and the Comprehensive version (chapters 1-36).

    If you're an experienced developer looking to solve problems related to objects, functions, inheritance, and other language-specific categories, the abstractions and code templates in this guide are ideal -- whether you're writing a client-side, server-side, or desktop application with JavaScript.Written by JavaScript expert Stoyan Stefanov -- Senior Yahoo! Technical and architect of YSlow 2.0, the web page performance optimization tool -- JavaScript Patterns includes practical advice for implementing each pattern discussed, along with several hands-on examples. You'll also learn about anti-patterns: common programming approaches that cause more problems than they solve.Explore useful habits for writing high-quality JavaScript code, such as avoiding globals, using single var declarations, and moreLearn why literal notation patterns are simpler alternatives to constructor functionsDiscover different ways to define a function in JavaScriptCreate objects that go beyond the basic patterns of using object literals and constructor functionsLearn the options available for code reuse and inheritance in JavaScriptStudy sample JavaScript approaches to common design patterns such as Singleton, Factory, Decorator, and moreExamine patterns that apply specifically to the client-side browser environment