You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

    Every integrated software development environment in the world--open-source, standards-based, and proprietary--now supports UML and, more importantly, the model-driven approach to software development. This makes learning the newest UML standard, UML 2.0, critical for all software developers--and there isn't a better choice than this clear, step-by-step guide to learning the language."--Richard Mark Soley, Chairman and CEO, OMGIf you're like most software developers, you're building systems that are increasingly complex. Whether you're creating a desktop application or an enterprise system, complexity is the big hairy monster you must manage.The Unified Modeling Language (UML) helps you manage this complexity. Whether you're looking to use UML as a blueprint language, a sketch tool, or as a programming language, this book will give you the need-to-know information on how to apply UML to your project. While there are plenty of books available that describe UML, Learning UML 2.0 will show you how to use it. Topics covered include:Capturing your system's requirements in your model to help you ensure that your designs meet your users' needsModeling the parts of your system and their relationshipsModeling how the parts of your system work together to meet your system's requirementsModeling how your system moves into the real world, capturing how your system will be deployedEngaging and accessible, this book shows you how to use UML to craft and communicate your project's design. Russ Miles and Kim Hamilton have written a pragmatic introduction to UML based on hard-earned practice, not theory. Regardless of the software process or methodology you use, this book is the one source you need to get up and running with UML 2.0.Russ Miles is a software engineer for General Dynamics UK, where he works with Java and Distributed Systems, although his passion at the moment is Aspect Orientation and, in particular, AspectJ. Kim Hamilton is a senior software engineer at Northrop Grumman, where she's designed and implemented a variety of systems including web applications and distributed systems, with frequent detours into algorithms development.

    Multi-tiered object-oriented platforms, such as Java and .NET, have become commonplace. These new tools and technologies are capable of building powerful applications, but they are not easily implemented. Common failures in enterprise applications often occur because their developers do not understand the architectural lessons that experienced object developers have learned. Patterns of Enterprise Application Architecture is written in direct response to the stiff challenges that face enterprise application developers. The author, noted object-oriented designer Martin Fowler, noticed that despite changes in technology--from Smalltalk to CORBA to Java to .NET--the same basic design ideas can be adapted and applied to solve common problems. With the help of an expert group of contributors, Martin distills over forty recurring solutions into patterns. The result is an indispensable handbook of solutions that are applicable to any enterprise application platform. This book is actually two books in one. The first section is a short tutorial on developing enterprise applications, which you can read from start to finish to understand the scope of the book's lessons. The next section, the bulk of the book, is a detailed reference to the patterns themselves. Each pattern provides usage and implementation information, as well as detailed code examples in Java or C#. The entire book is also richly illustrated with UML diagrams to further explain the concepts. Armed with this book, you will have the knowledge necessary to make important architectural decisions about building an enterprise application and the proven patterns for use when building them. The topics covered include - Dividing an enterprise application into layers - The major approaches to organizing business logic - An in-depth treatment of mapping between objects and relational databases - Using Model-View-Controller to organize a Web presentation - Handling concurrency for data that spans multiple transactions - Designing distributed object interfaces

    It provides all of JavaScript's functionality wrapped in a cleaner, more succinct syntax. In the first book on this exciting new language, CoffeeScript guru Trevor Burnham shows you how to hold onto all the power and flexibility of JavaScript while writing clearer, cleaner, and safer code.CoffeeScript: Accelerated JavaScript Development offers a thorough introduction to this new language, starting from the basics. You'll learn to use time-saving features like list comprehensions and splats, organize your code into modules with extensible classes, and deploy your work to multiple environments. Each chapter is example-driven and includes challenging exercises to push your CoffeeScript know-how further. Through the course of the book, you'll build a fast-paced multiplayer word game-writing both the client (with jQuery) and server (with Node.js) in CoffeeScript. And because the two languages are so deeply intertwined, you'll deepen your understanding of JavaScript along the way. CoffeeScript makes it easier than ever to write powerful, standards-compliant JavaScript code. CoffeeScript: Accelerated JavaScript Development lets you start doing it today.

    Designed for experienced software developers ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the Microsoft Specialist level.Focus on the expertise measured by these objectives:Manage Program FlowCreate and Use TypesDebug Applications and Implement SecurityImplement Data AccessThis Microsoft Exam Ref:Organizes its coverage by exam objectives.Features strategic, what-if scenarios to challenge you.Includes a 15% exam discount from Microsoft. (Limited time offer)

    The principal enhancement in Java 8 was the addition of functional programming constructs to Java's object-oriented roots. Java 7, 8, and 9 also introduced language features, such as the try-with-resources statement, the diamond operator for generic types, default and static methods in interfaces, the @SafeVarargs annotation, and modules. New library features include pervasive use of functional interfaces and streams, the java.time package for manipulating dates and times, and numerous minor enhancements such as convenience factory methods for collections. In this new edition of Effective Java, Bloch updates the work to take advantage of these new language and library features, and provides specific best practices for their use. Java's increased support for multiple paradigms increases the need for best-practices advice, and this book delivers. As in previous editions, each chapter consists of several "items," each presented in the form of a short, standalone essay that provides specific advice, insight into Java platform subtleties, and updated code examples. The comprehensive descriptions and explanations for each item illuminate what to do, what not to do, and why. Coverage includes:Updated techniques and best practices on classic topics, including objects, classes, methods, libraries, and generics How to avoid the traps and pitfalls of commonly misunderstood subtleties of the platform Focus on the language and its most fundamental libraries, such as java.lang and java.util

    Each idiom comes with a detailed description, example code showing the "wrong" way to do it, and code for the idiomatic, "Pythonic" alternative. *This version of the book is for Python 2.7.3+. There is also a Python 3.3+ version available.* "Writing Idiomatic Python" contains the most common and important Python idioms in a format that maximizes identification and understanding. Each idiom is presented as a recommendation to write some commonly used piece of code. It is followed by an explanation of why the idiom is important. It also contains two code samples: the "Harmful" way to write it and the "Idiomatic" way. * The "Harmful" way helps you identify the idiom in your own code. * The "Idiomatic" way shows you how to easily translate that code into idiomatic Python. This book is perfect for you: * If you're coming to Python from another programming language * If you're learning Python as a first programming language * If you're looking to increase the readability, maintainability, and correctness of your Python code What is "Idiomatic" Python? Every programming language has its own idioms. Programming language idioms are nothing more than the generally accepted way of writing a certain piece of code. Consistently writing idiomatic code has a number of important benefits: * Others can read and understand your code easily * Others can maintain and enhance your code with minimal effort * Your code will contain fewer bugs * Your code will teach others to write correct code without any effort on your part

    Using the concise, scenario-driven style pioneered in Scott Meyers' best-selling Effective C++, Matt Galloway brings together 52 Objective-C best practices, tips, shortcuts, and realistic code examples that are available nowhere else. Through real-world examples, Galloway uncovers little-known Objective-C quirks, pitfalls, and intricacies that powerfully impact code behavior and performance. You'll learn how to choose the most efficient and effective way to accomplish key tasks when multiple options exist, and how to write code that's easier to understand, maintain, and improve. Galloway goes far beyond the core language, helping you integrate and leverage key Foundation framework classes and modern system libraries, such as Grand Central Dispatch. Coverage includes Optimizing interactions and relationships between Objective-C objects Mastering interface and API design: writing classes that feel "right at home" Using protocols and categories to write maintainable, bug-resistant code Avoiding memory leaks that can still occur even with Automatic Reference Counting (ARC) Writing modular, powerful code with Blocks and Grand Central Dispatch Leveraging differences between Objective-C protocols and multiple inheritance in other languages Improving code by more effectively using arrays, dictionaries, and sets Uncovering surprising power in the Cocoa and Cocoa Touch frameworks

    I'm going to share that mindset with you — along with hundreds of actionable techniques and proven habits — so you can shortcut those years.Introducing The Effective Engineer — the only book designed specifically for today's software engineers, based on extensive interviews with engineering leaders at top tech companies, and packed with hundreds of techniques to accelerate your career.For two years, I embarked on a quest seeking an answer to one question:How do the most effective engineers make their efforts, their teams, and their careers more successful?I interviewed and collected stories from engineering VPs, directors, managers, and other leaders at today's top software companies: established, household names like Google, Facebook, Twitter, and LinkedIn; rapidly growing mid-sized companies like Dropbox, Square, Box, Airbnb, and Etsy; and startups like Reddit, Stripe, Instagram, and Lyft.These leaders shared stories about the most valuable insights they've learned and the most common and costly mistakes that they've seen engineers — sometimes themselves — make.This is just a small sampling of the hard questions I posed to them:- What engineering qualities correlate with future success?- What have you done that has paid off the highest returns?- What separates the most effective engineers you've worked with from everyone else?- What's the most valuable lesson your team has learned in the past year?- What advice do you give to new engineers on your team? Everyone's story is different, but many of the lessons share common themes.You'll get to hear stories like:- How did Instagram's team of 5 engineers build and support a service that grew to over 40 million users by the time the company was acquired?- How and why did Quora deploy code to production 40 to 50 times per day?- How did the team behind Google Docs become the fastest acquisition to rewrite its software to run on Google's infrastructure?- How does Etsy use continuous experimentation to design features that are guaranteed to increase revenue at launch?- How did Facebook's small infrastructure team effectively operate thousands of database servers?- How did Dropbox go from barely hiring any new engineers to nearly tripling its team size year-over-year? What's more, I've distilled their stories into actionable habits and lessons that you can follow step-by-step to make your career and your team more successful.The skills used by effective engineers are all learnable.And I'll teach them to you. With The Effective Engineer, I'll teach you a unifying framework called leverage — the value produced per unit of time invested — that you can use to identify the activities that produce disproportionate results.Here's a sneak peek at some of the lessons you'll learn. You'll learn how to:- Prioritize the right projects and tasks to increase your impact.- Earn more leeway from your peers and managers on your projects.- Spend less time maintaining and fixing software and more time building and shipping new features.- Produce more accurate software estimates.- Validate your ideas cheaply to reduce wasted work.- Navigate organizational and people-related bottlenecks.- Find the appropriate level of code reviews, testing, abstraction, and technical debt to balance speed and quality.- Shorten your debugging workflow to increase your iteration speed.

    Weinberg adds new insights and highlights the similarities and differences between now and then. Using a conversational style that invites the reader to join him, Weinberg reunites with some of his most insightful writings on the human side of software engineering.Topics include egoless programming, intelligence, psychological measurement, personality factors, motivation, training, social problems on large projects, problem-solving ability, programming language design, team formation, the programming environment, and much more.Dorset House Publishing is proud to make this important text available to new generations of programmers -- and to encourage readers of the first edition to return to its valuable lessons.

    Web Development With Clojure shows you how to apply Clojure programming fundamentals to build real-world solutions. You'll develop all the pieces of a full web application in this powerful language. If you already have some familiarity with Clojure, you'll learn how to put it to serious practical use. If you're new to the language, the book provides just enough Clojure to get down to business.You'll learn the full process of web development using Clojure while getting hands-on experience with current tools, libraries, and best practices in the language. You'll develop Clojure apps with both the Light Table and Eclipse development environments. Rather than frameworks, Clojure development builds on rich libraries. You'll acquire expertise in the popular Ring/Compojure stack, and you'll learn to use the Liberator library to quickly develop RESTful services. Plus, you'll find out how to use ClojureScript to work in one language on the client and server sides.Throughout the book, you'll develop key components of web applications, including multiple approaches to database access. You'll create a simple guestbook app and an app to serve resources to users. By the end, you will have developed a rich Picture Gallery web application from conception to packaging and deployment.This book is for anyone interested in taking the next step in web development.Q&A with Dmitri SotnikovWhy did you write Web Development with Clojure?When I started using Clojure, I found that it took a lot of work to find all the pieces needed to put together a working application. There was very little documentation available on how to organize the code, what libraries to use, or how to package the application for deployment. Having gone through the process of figuring out what works, I thought that it would be nice to make it easier for others to get started.What are the advantages of using a functional language?Over the course of my career, I have developed a great appreciation for functional programming. I find that it addresses a number of shortcomings present in the imperative paradigm. For example, in a functional language any changes to the data are created via revisions to the existing data. So they only exist in the local scope. This fact allows us to safely reason about individual parts of the program in isolation, which is critical for writing and supporting large applications.Why use Clojure specifically?Clojure is a simple and pragmatic language that is designed for real-world usage. It combines the productivity of a high-level language with the excellent performance seen in languages like C# or Java. It's also very easy to learn because it allows you to use a small number of concepts to solve a large variety of problems.If I already have a preferred web development platform, what might I get out of this book?If you're using an imperative language, you'll get to see a very different approach to writing code. Even if you're not going to use Clojure as your primary language, the concepts you'll learn will provide you with new ways to approach problems.Is the material in the book accessible to somebody who is not familiar with Clojure?Absolutely. The book targets developers who are already familiar with the basics of web development and are interested in learning Clojure in this context. The book introduces just enough of the language to get you productive and allows you to learn by example.

    You thought TDD was for someone else, but it's not! It's for you, the embedded C programmer. TDD helps you prevent defects and build software with a long useful life. This is the first book to teach the hows and whys of TDD for C programmers. TDD is a modern programming practice C developers need to know. It's a different way to program---unit tests are written in a tight feedback loop with the production code, assuring your code does what you think. You get valuable feedback every few minutes. You find mistakes before they become bugs. You get early warning of design problems. You get immediate notification of side effect defects. You get to spend more time adding valuable features to your product. James is one of the few experts in applying TDD to embedded C. With his 1.5 decades of training, coaching, and practicing TDD in C, C++, Java, and C# he will lead you from being a novice in TDD to using the techniques that few have mastered. This book is full of code written for embedded C programmers. You don't just see the end product, you see code and tests evolve. James leads you through the thought process and decisions made each step of the way. You'll learn techniques for test-driving code right next to the hardware, and you'll learn design principles and how to apply them to C to keep your code clean and flexible. To run the examples in this book, you will need a C/C++ development environment on your machine, and the GNU GCC tool chain or Microsoft Visual Studio for C++ (some project conversion may be needed).

    

    If you have read the Swift Programming Guide, and want to explore more, this book is for you.Swift is a great language for systems programming, but also lends itself for very high-level programming. We'll explore both high-level topics (for example, programming with generics and protocols), as well as low-level topics (for example, wrapping a C library and string internals).

    Many examples are taken from real-world projects. The book focuses on high-level design as well as the gritty details of the Python syntax. The provided exercises inspire the reader to think about his or her own code, rather than providing solved problems. If you're new to Object Oriented Programming techniques, or if you have basic Python skills and wish to learn in depth how and when to correctly apply Object Oriented Programming in Python, this is the book for you. If you are an object-oriented programmer for other languages, you too will find this book a useful introduction to Python, as it uses terminology you are already familiar with. Python 2 programmers seeking a leg up in the new world of Python 3 will also find the book beneficial, and you need not necessarily know Python 2.