You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

    Two leaders in the requirements community have teamed up to deliver a contemporary set of practices covering the full range of requirements development and management activities on software projects. Describes practical, effective, field-tested techniques for managing the requirements engineering process from end to end. Provides examples demonstrating how requirements "good practices" can lead to fewer change requests, higher customer satisfaction, and lower development costs. Fully updated with contemporary examples and many new practices and techniques. Describes how to apply effective requirements practices to agile projects and numerous other special project situations. Targeted to business analysts, developers, project managers, and other software project stakeholders who have a general understanding of the software development process. Shares the insights gleaned from the authors' extensive experience delivering hundreds of software-requirements training courses, presentations, and webinars.New chapters are included on specifying data requirements, writing high-quality functional requirements, and requirements reuse. Considerable depth has been added on business requirements, elicitation techniques, and nonfunctional requirements. In addition, new chapters recommend effective requirements practices for various special project situations, including enhancement and replacement, packaged solutions, outsourced, business process automation, analytics and reporting, and embedded and other real-time systems projects.

    Rust's modern, flexible types ensure your program is free of null pointer dereferences, double frees, dangling pointers, and similar bugs, all at compile time, without runtime overhead. In multi-threaded code, Rust catches data races at compile time, making concurrency much easier to use.Written by two experienced systems programmers, this book explains how Rust manages to bridge the gap between performance and safety, and how you can take advantage of it. Topics include:How Rust represents values in memory (with diagrams)Complete explanations of ownership, moves, borrows, and lifetimesCargo, rustdoc, unit tests, and how to publish your code on crates.io, Rust's public package repositoryHigh-level features like generic code, closures, collections, and iterators that make Rust productive and flexibleConcurrency in Rust: threads, mutexes, channels, and atomics, all much safer to use than in C or C++Unsafe code, and how to preserve the integrity of ordinary code that uses itExtended examples illustrating how pieces of the language fit together

    The Unwritten Laws of Business is such a book. Originally published over 60 years ago as The Unwritten Laws of Engineering, it has sold over 100,000 copies, despite the fact that it has never been available before to general readers. Fully revised for business readers today, here are but a few of the gems you’ll find in this little-known business classic: If you take care of your present job well, the future will take care of itself.The individual who says nothing is usually credited with having nothing to say.Whenever you are performing someone else’s function, you are probably neglecting your own.Martyrdom only rarely makes heroes, and in the business world, such heroes and martyrs often find themselves unemployed.Refreshingly free of the latest business fads and jargon, this is a book that is wise and insightful, capturing and distilling the timeless truths and principles that underlie management and business the world over.The little book with the big history.In the summer of 2005, Business 2.0 published a cover story on Raytheon CEO William Swanson’s self-published pamphlet, Swanson’s Unwritten Rules of Management. Lauded by such chief executives as Jack Welch and Warren Buffett, the booklet becamea quiet phenomenon. As it turned out, much of Swanson’s book drew from a classic of business literature that has been in print for more than sixty years. Now, in a new edition revised and updated for business readers today, we are reissuing the 1944 classic that inspired a number of Swanson’s “rules”: The Unwritten Laws of Business. Filled with sage advice and written in a spare, engaging style, The Unwritten Laws of Business offers insights on working with others, reporting to a boss, organizing a project, running a meeting, advancing your career, and more. Here’s just a sprinkling of the old-fashioned, yet surprisingly relevant, wisdom you’ll find in these pages:If you have no intention of listening to, considering, and perhaps using, someone’s opinion, don’t ask for it.Count any meeting a failure that does not end up with a definite understanding as to what’s going to be done, who’s going to do it, and when.The common belief that everyone can do anything if they just try hard enough is a formula for inefficiency at best and for complete failure at worst.It is natural enough to “look out for Number One first,” but when you do, your associates will be noticeably disinclined to look out for you.Whether you’re a corporate neophyte or seasoned manager, this charming book reveals everything you need to know about the “unwritten” laws of business.