The Tangled Web: A Guide to Securing Modern Web Applications


Michal Zalewski - 2011
    Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape. In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:
    - Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization
    - Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing
    - Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs
    - Build mashups and embed gadgets without getting stung by the tricky frame navigation policy
    - Embed or host user-supplied content without running into the trap of content sniffing
    For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

MongoDB: The Definitive Guide


Kristina Chodorow - 2010
    Learn how easy it is to handle data as self-contained JSON-style documents, rather than as records in a relational database.
    - Explore ways that document-oriented storage will work for your project
    - Learn how MongoDB’s schema-free data model handles documents, collections, and multiple databases
    - Execute basic write operations, and create complex queries to find data with any criteria
    - Use indexes, aggregation tools, and other advanced query techniques
    - Learn about monitoring, security and authentication, backup and repair, and more
    - Set up master-slave and automatic failover replication in MongoDB
    - Use sharding to scale MongoDB horizontally, and learn how it impacts applications
    - Get example applications written in Java, PHP, Python, and Ruby

JavaScript Bible


Danny Goodman - 1996
    Part tutorial and part reference, the book serves as a learning tool for building new JavaScript skills and a detailed reference for seasoned JavaScript developers. Danny Goodman's exclusive interactive workbench, The Evaluator, makes it easy to master JavaScript and DOM concepts. Offers deployment strategies that best suit the user's content goals and target audience. Bonus CD-ROM is packed with advanced content for the reader who wants to go an extra step.

In the Beginning...Was the Command Line


Neal Stephenson - 1999
    And considering that the "one man" is Neal Stephenson, "the hacker Hemingway" (Newsweek) -- acclaimed novelist, pragmatist, seer, nerd-friendly philosopher, and nationally bestselling author of groundbreaking literary works (Snow Crash, Cryptonomicon, etc., etc.) -- the word is well worth hearing. Mostly well-reasoned examination and partial rant, Stephenson's In the Beginning... was the Command Line is a thoughtful, irreverent, hilarious treatise on the cyber-culture past and present; on operating system tyrannies and downloaded popular revolutions; on the Internet, Disney World, Big Bangs, not to mention the meaning of life itself.

Data Structures and Algorithms in Java


Robert Lafore - 1998
    Algorithms are the procedures that software programs use to manipulate data structures. Besides clear and simple example programs, the author includes a workshop as a small demonstration program executable on a Web browser. The programs demonstrate in graphical form what data structures look like and how they operate. In the second edition, the program is rewritten to improve operation and clarify the algorithms, the example programs are revised to work with the latest version of the Java JDK, and questions and exercises will be added at the end of each chapter making the book even more useful. Educational Supplement: Suggested solutions to the programming projects found at the end of each chapter are made available to instructors at recognized educational institutions. This educational supplement can be found at www.prenhall.com, in the Instructor Resource Center.

Web Analytics 2.0: The Art of Online Accountability & Science of Customer Centricity [With CDROM]


Avinash Kaushik - 2009
    "Web Analytics 2.0" presents a new framework that will permanently change how you think about analytics. It provides specific recommendations for creating an actionable strategy, applying analytical techniques correctly, solving challenges such as measuring social media and multichannel campaigns, achieving optimal success by leveraging experimentation, and employing tactics for truly listening to your customers. The book will help your organization become more data driven while you become a super analysis ninja. Note: CD-ROM/DVD and other supplementary materials are not included as part of eBook file.

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation


Bruce Dang - 2014
    Reverse engineering is not about reading assembly code, but actually understanding how different pieces/components in a system work. To reverse engineer a system is to understand how it is constructed and how it works. The book provides:
    - Coverage of x86, x64, and ARM. In the past x86 was the most common architecture on the PC; however, times have changed and x64 is becoming the dominant architecture. It brings new complexity and constructs previously not present in x86. ARM (Advanced RISC Machine) is very common in embedded / consumer electronic devices; for example, most if not all cell phones run on ARM. All of Apple's i-devices run on ARM. This book will be the first book to cover all three.
    - Discussion of Windows kernel-mode code (rootkits/drivers). This topic has a steep learning curve so most practitioners stay away from this area because it is highly complex. However, this book will provide a concise treatment of this topic and explain how to analyze drivers step-by-step.
    - Real-world examples from the public domain. The best way to learn is through a combination of concept discussions, examples, and exercises. This book uses real-world trojans / rootkits as examples congruent with real-life scenarios.
    - Hands-on exercises. End-of-chapter exercises in the form of conceptual questions and hands-on analysis so readers can solidify their understanding of the concepts and build confidence. The exercises are also meant to teach readers about topics not covered in the book.

Visual Explanations


Edward R. Tufte - 1997
    Through computers, the Internet, the media, and even our daily newspapers, we are awash in a seemingly endless stream of charts, maps, infographics, diagrams, and data. Visual Explanations is a navigational guide through this turbulent sea of information. The book is an essential reference for anyone involved in graphic, web, or multimedia design, as well as for educators and lecturers who use graphics in presentations or classes. Jacket design: Dmitry Krasny. Other artwork by Bonnie Scranton, Dmitry Krasny, and Weilin Wu.

Concepts, Techniques, and Models of Computer Programming


Peter Van Roy - 2004
    The book focuses on techniques of lasting value and explains them precisely in terms of a simple abstract machine. The book presents all major programming paradigms in a uniform framework that shows their deep relationships and how and where to use them together. After an introduction to programming concepts, the book presents both well-known and lesser-known computation models ("programming paradigms"). Each model has its own set of techniques and each is included on the basis of its usefulness in practice. The general models include declarative programming, declarative concurrency, message-passing concurrency, explicit state, object-oriented programming, shared-state concurrency, and relational programming. Specialized models include graphical user interface programming, distributed programming, and constraint programming. Each model is based on its kernel language—a simple core language that consists of a small number of programmer-significant elements. The kernel languages are introduced progressively, adding concepts one by one, thus showing the deep relationships between different models. The kernel languages are defined precisely in terms of a simple abstract machine. Because a wide variety of languages and programming paradigms can be modeled by a small set of closely related kernel languages, this approach allows programmer and student to grasp the underlying unity of programming. The book has many program fragments and exercises, all of which can be run on the Mozart Programming System, an Open Source software package that features an interactive incremental development environment.

Writing for Computer Science


Justin Zobel - 1997
    For the most part the book is a discussion of good writing style and effective research strategies. Some of the material is accepted wisdom, some is controversial, and some is my opinions. Although the book is brief, it is designed to be comprehensive: some readers may be interested in exploring topics further, but for most readers this book should be sufficient. The first edition of this book was almost entirely about writing. This edition, partly in response to reader feedback and partly in response to issues that arose in my own experiences as an advisor, researcher, and referee, is also about research methods. Indeed, the two topics, writing about and doing research, are not clearly separated. It is a small step from asking "how do I write?" to asking "what is it that I write about?" As previously, the guidance on writing focuses on research, but much of the material is applicable to general technical and professional communication. Likewise, the guidance on the practice of research has broader lessons. A practitioner trying a new algorithm or explaining to colleagues why one solution is preferable to another should be confident that the arguments are built on robust foundations. And, while this edition has a stronger emphasis on research than did the first, nothing has been deleted; there is additional material on research, but the guidance on writing has not been taken away.

Modern C++ Design: Generic Programming and Design Patterns Applied


Andrei Alexandrescu - 2001
    Displaying extraordinary creativity and programming virtuosity, Alexandrescu offers a cutting-edge approach to design that unites design patterns, generic programming, and C++, enabling programmers to achieve expressive, flexible, and highly reusable code. This book introduces the concept of generic components--reusable design templates that produce boilerplate code for compiler consumption--all within C++. Generic components enable an easier and more seamless transition from design to application code, generate code that better expresses the original design intention, and support the reuse of design structures with minimal recoding. The author describes the specific C++ techniques and features that are used in building generic components and goes on to implement industrial strength generic components for real-world applications. Recurring issues that C++ developers face in their day-to-day activity are discussed in depth and implemented in a generic way. These include:
    - Policy-based design for flexibility
    - Partial template specialization
    - Typelists--powerful type manipulation structures
    - Patterns such as Visitor, Singleton, Command, and Factories
    - Multi-method engines
    For each generic component, the book presents the fundamental problems and design options, and finally implements a generic solution.

The Soul of a New Machine


Tracy Kidder - 1981
    Tracy Kidder got a preview of this world in the late 1970s when he observed the engineers of Data General design and build a new 32-bit minicomputer in just one year. His thoughtful, prescient book, The Soul of a New Machine, tells stories of 35-year-old "veteran" engineers hiring recent college graduates and encouraging them to work harder and faster on complex and difficult projects, exploiting the youngsters' ignorance of normal scheduling processes while engendering a new kind of work ethic. These days, we are used to the "total commitment" philosophy of managing technical creation, but Kidder was surprised and even a little alarmed at the obsessions and compulsions he found. From in-house political struggles to workers being permitted to tease management to marathon 24-hour work sessions, The Soul of a New Machine explores concepts that already seem familiar, even old-hat, less than 20 years later. Kidder plainly admires his subjects; while he admits to hopeless confusion about their work, he finds their dedication heroic. The reader wonders, though, what will become of it all, now and in the future. —Rob Lightner