The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results.The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger," Dafydd developed the popular Burp Suite of web application hack tools.

    223 photos.

    

    It could forever change how you experience and interact with your physical surroundings, open your eyes to the perversity of bad design and the desirability of good design, and raise your expectations about how things should be designed.B & W photographs and illustrations throughout.

    This innovation advantage will translate into a premium in your company’s stock price—an innovation premium—which is possible only by building the code for innovation right into your organization’s people, processes, and guiding philosophies.Practical and provocative, The Innovator’s DNA is an essential resource for individuals and teams who want to strengthen their innovative prowess.

    Others might point to the qualities of today’s so-called celebrity CEOs—charisma, virtuoso communication skills, and a confident management style. But what really matters when you run an organization? What is the hallmark of exceptional CEO performance? Quite simply, it is the returns for the shareholders of that company over the long term.In this refreshing, counterintuitive book, author Will Thorndike brings to bear the analytical wisdom of a successful career in investing, closely evaluating the performance of companies and their leaders. You will meet eight individualistic CEOs whose firms’ average returns outperformed the S&P 500 by a factor of twenty—in other words, an investment of $10,000 with each of these CEOs, on average, would have been worth over $1.5 million twenty-five years later. You may not know all their names, but you will recognize their companies: General Cinema, Ralston Purina, The Washington Post Company, Berkshire Hathaway, General Dynamics, Capital Cities Broadcasting, TCI, and Teledyne. In The Outsiders, you’ll learn the traits and methods—striking for their consistency and relentless rationality—that helped these unique leaders achieve such exceptional performance.Humble, unassuming, and often frugal, these "outsiders” shunned Wall Street and the press, and shied away from the hottest new management trends. Instead, they shared specific traits that put them and the companies they led on winning trajectories: a laser-sharp focus on per share value as opposed to earnings or sales growth; an exceptional talent for allocating capital and human resources; and the belief that cash flow, not reported earnings, determines a company’s long-term value.Drawing on years of research and experience, Thorndike tells eye-opening stories, extracting lessons and revealing a compelling alternative model for anyone interested in leading a company or investing in one—and reaping extraordinary returns.

    A lack of proper validation kills more businesses than anything else. As Joel Barker says, “Speed is only useful if you’re running in the right direction.” Will It Fly? will help you make sure you are clear for takeoff. It answers questions like: - Does your business idea have merit? - Will it succeed in the market you’re trying to serve, or will it just be a waste of time and resources? - Is it a good idea for you? In other words, will it fly?Chock-full of practical suggestions you can apply to your business idea today, Will It Fly? combines action-based exercises and real-world case studies with anecdotes from the author’s personal experience of making money online, hosting successful podcasts, testing niche sites, and launching several online businesses.Will It Fly? will challenge you to think critically, act deliberately, and dare greatly. You can think of the book as your business flight manual, something you can refer to for honest and straight-forward advice as you begin to test your idea and build a business that takes off and soars.In five parts, Will It Fly? will guide you through the validation of your next business idea:- Part one, Mission Design, helps you make sure your target idea aligns with and supports your goals. - Part two, Development Lab, walks you through uncovering important details about your idea that you haven't even thought about. - Part three, Flight Planning, is all about assessing current market conditions. - Part four, Flight Simulator, focuses on the actual validating and testing of an idea with a small segment of a target market. - Finally, Part five, All Systems Go, is for final analysis to help you make sure your idea is one you are ready to move forward with.

    Algorithms in a Nutshell describes a large number of existing algorithms for solving a variety of problems, and helps you select and implement the right algorithm for your needs -- with just enough math to let you understand and analyze algorithm performance. With its focus on application, rather than theory, this book provides efficient code solutions in several programming languages that you can easily adapt to a specific project. Each major algorithm is presented in the style of a design pattern that includes information to help you understand why and when the algorithm is appropriate. With this book, you will:Solve a particular coding problem or improve on the performance of an existing solutionQuickly locate algorithms that relate to the problems you want to solve, and determine why a particular algorithm is the right one to useGet algorithmic solutions in C, C++, Java, and Ruby with implementation tipsLearn the expected performance of an algorithm, and the conditions it needs to perform at its bestDiscover the impact that similar design decisions have on different algorithmsLearn advanced data structures to improve the efficiency of algorithmsWith Algorithms in a Nutshell, you'll learn how to improve the performance of key algorithms essential for the success of your software applications.

    Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs Build mashups and embed gadgets without getting stung by the tricky frame navigation policy Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

    Since its creation in 2010, Instagram’s fun and simple interface has captured our collective imagination, swiftly becoming a way of life. In No Filter: The Inside Story of Instagram, technology reporter Sarah Frier explains how Instagram’s founders married art and technology to overcome skeptics and to hook the public on visual storytelling. At first, Instagram initially attracted artisans, but then the platform exploded in popularity among the masses, creating an entire industry of digital influencers that’s now worth tens of billions of dollars. Eighteen months after Instagram’s launch and explosive growth, the founders—Kevin Systrom and Mike Krieger—made the gut-wrenching decision to sell the company to Facebook. For most companies, that would be the end of the story; but for Instagram, it was only the beginning. Instagram borrowed some lessons from Facebook and rejected others, until eventually its success stirred tension with Facebook’s CEO Mark Zuckerberg, just as Facebook became embroiled in a string of public crises. Frier unearths the details that led to the cofounders’ departure, bringing to light dramatic moments unknown to the public until now. At its heart, No Filter draws on unprecedented exclusive access—from the founders of Instagram, as well as employees, executives, and competitors; hedge fund billionaire Ray Dalio; Anna Wintour of Vogue; Kris Jenner of the Kardashian-Jenner empire; and a plethora of influencers, from fashionistas with millions of followers to owners of famous dogs worldwide—to show how Instagram has fundamentally changed the way we communicate, shop, eat, and travel. The book brings readers inside users’ strategies to craft their personal image and fame, explaining how the company’s product decisions have affected the structure of our society. From teenagers to the pope, No Filter tells the captivating story of how Instagram not only created a new industry but also changed our lives.

    Revolution in the Valley traces this vision back to its earliest roots: the hallways and backrooms of Apple, where the groundbreaking Macintosh computer was born. The book traces the development of the Macintosh, from its inception as an underground skunkworks project in 1979 to its triumphant introduction in 1984 and beyond.The stories in "Revolution in the Valley" come on extremely good authority. That's because author Andy Hertzfeld was a core member of the team that built the Macintosh system software, and a key creator of the Mac's radically new user interface software. One of the chosen few who worked with the mercurial Steve Jobs, you might call him the ultimate insider.When "Revolution in the Valley" begins, Hertzfeld is working on Apple's first attempt at a low-cost, consumer-oriented computer: the Apple II. He sees that Steve Jobs is luring some of the company's most brilliant innovators to work on a tiny research effort the Macintosh. Hertzfeld manages to make his way onto the Macintosh research team, and the rest is history.Through lavish illustrations, period photos, and Hertzfeld's vivid first-hand accounts, Revolution in the Valley reveals what it was like to be there at the birth of the personal computer revolution. The story comes to life through the book's portrait of the talented and often eccentric characters who made up the Macintosh team. Now, over 20 years later, millions of people are benefiting from the technical achievements of this determined and brilliant group of people.

    “This is Steve Jobs. I saw your picture in a magazine a few years ago and thought we’d work together someday.” After Steve Jobs was unceremoniously dismissed from Apple, he bought a little-known graphics company called Pixar. One day, out of the blue, Jobs called Lawrence Levy, a Harvard-trained lawyer and executive to whom he had never spoken before, to persuade Levy to help him get Pixar off the ground. What Levy found was a company on the verge of failure. To Pixar and Beyond is the story of what happened next: how, working closely with Jobs, Levy produced and implemented a highly improbable plan that transformed Pixar into one of Hollywood’s greatest success stories. Set in the worlds of Silicon Valley and Hollywood, the book takes readers inside Pixar, Disney, law firms, and investment banks. It provides an up-close, firsthand account of Pixar’s ascent, how it made creative choices, Levy’s enduring collaboration and friendship with Jobs, and how Levy came to see in Pixar deeper lessons that can apply to many aspects of our lives.

    A dirty little secret assembly language programmers rarely admit to, however, is that what you really need to learn is machine organization, not assembly language programming. Write Great Code Vol I, the first in a series from assembly language expert Randall Hyde, dives right into machine organization without the extra overhead of learning assembly language programming at the same time. And since Write Great Code Vol I concentrates on the machine organization, not assembly language, the reader will learn in greater depth those subjects that are language-independent and of concern to a high level language programmer. Write Great Code Vol I will help programmers make wiser choices with respect to programming statements and data types when writing software, no matter which language they use.

    Rust's modern, flexible types ensure your program is free of null pointer dereferences, double frees, dangling pointers, and similar bugs, all at compile time, without runtime overhead. In multi-threaded code, Rust catches data races at compile time, making concurrency much easier to use.Written by two experienced systems programmers, this book explains how Rust manages to bridge the gap between performance and safety, and how you can take advantage of it. Topics include:How Rust represents values in memory (with diagrams)Complete explanations of ownership, moves, borrows, and lifetimesCargo, rustdoc, unit tests, and how to publish your code on crates.io, Rust's public package repositoryHigh-level features like generic code, closures, collections, and iterators that make Rust productive and flexibleConcurrency in Rust: threads, mutexes, channels, and atomics, all much safer to use than in C or C++Unsafe code, and how to preserve the integrity of ordinary code that uses itExtended examples illustrating how pieces of the language fit together

    In fact, generating accurate estimates is straightforward—once you understand the art of creating them.In his highly anticipated book, acclaimed author Steve McConnell unravels the mystery to successful software estimation—distilling academic information and real-world experience into a practical guide for working software professionals. Instead of arcane treatises and rigid modeling techniques, this guide highlights a proven set of procedures, understandable formulas, and heuristics that individuals and development teams can apply to their projects to help achieve estimation proficiency.