Author Steven Sanderson has seen the ASP.NET MVC Framework mature from the start, so his experience, combined with comprehensive coverage of all the new features, including those in the official MVC development toolkit, offers the clearest understanding of how this exciting new framework can improve your coding efficiency. With this book, you’ll gain invaluable up-to-date knowledge of security, deployment, and interoperability challenges. The ASP.NET MVC 2 Framework introduces a radical high-productivity programming model that promotes cleaner code architecture, test-driven development, and powerful extensibility, combined with all the benefits of ASP.NET 3.5. In this book, the core model-view-controller (MVC) architectural concepts are not simply explained or discussed in isolation, but are demonstrated in action. You’ll work through an extended tutorial to create a working e-commerce web application that combines ASP.NET MVC with C# language features and unit-testing best practices. By gaining this invaluable, practical experience, you’ll discover MVC’s strengths and weaknesses for yourself—and put your best-learned theory into practice.
What you’ll learn: Gain a solid architectural background to ASP.NET MVC 2, including MVC and REST concepts. Explore the entire ASP.NET MVC Framework and take a detailed look at the official MVC development toolkit. See how it works with test-driven development in action. Capitalize on your existing knowledge quickly and easily through translation and comparison of features in classic ASP.NET to those in ASP.NET MVC. Learn about the latest security and deployment issues, including IIS 7.0.
Who this book is for: This book is for web developers with a basic knowledge of ASP.NET and C# who want (or need) to start using the ASP.NET MVC 2 Framework.
Table of Contents: What’s the Big Idea?; Your First ASP.NET MVC Application; Prerequisites; SportsStore: A Real Application; SportsStore: Navigation and Shopping Cart; SportsStore: Administration and Final Enhancements; Overview of ASP.NET MVC Projects; URLs and Routing; Controllers and Actions; Controller Extensibility; Views; Models and Data Entry; User Interface Techniques; Ajax and Client Scripting; Security and Vulnerability; Deployment; ASP.NET Platform Features; Upgrading and Combining ASP.NET Technologies
“For software developers of all experience levels looking to improve their results, and design and implement domain-driven enterprise applications consistently with the best current state of professional practice, Implementing Domain-Driven Design will impart a treasure trove of knowledge hard won within the DDD and enterprise application architecture communities over the last couple decades.” –Randy Stafford, Architect At-Large, Oracle Coherence Product Development “This book is a must-read for anybody looking to put DDD into practice.” –Udi Dahan, Founder of NServiceBus Implementing Domain-Driven Design presents a top-down approach to understanding domain-driven design (DDD) in a way that fluently connects strategic patterns to fundamental tactical programming tools. Vaughn Vernon couples guided approaches to implementation with modern architectures, highlighting the importance and value of focusing on the business domain while balancing technical considerations. Building on Eric Evans' seminal book, Domain-Driven Design, the author presents practical DDD techniques through examples from familiar domains. Each principle is backed up by realistic Java examples–all applicable to C# developers–and all content is tied together by a single case study: the delivery of a large-scale Scrum-based SaaS system for a multitenant environment. The author takes you far beyond “DDD-lite” approaches that embrace DDD solely as a technical toolset, and shows you how to fully leverage DDD's “strategic design patterns” using Bounded Context, Context Maps, and the Ubiquitous Language. Using these techniques and examples, you can reduce time to market and improve quality, as you build software that is more flexible, more scalable, and more tightly aligned to business goals. 
Coverage includes: Getting started the right way with DDD, so you can rapidly gain value from it; Using DDD within diverse architectures, including Hexagonal, SOA, REST, CQRS, Event-Driven, and Fabric/Grid-Based; Appropriately designing and applying Entities–and learning when to use Value Objects instead; Mastering DDD's powerful new Domain Events technique; Designing Repositories for ORM, NoSQL, and other databases
Ed Burns, Chris Schalk
The Definitive Guide to JavaServer Faces 2.0
Fully revised and updated for all of the changes in JavaServer Faces (JSF) 2.0, this comprehensive volume covers every aspect of the official standard Web development architecture for JavaEE. Inside this authoritative resource, the co-spec lead for JSF at Sun Microsystems shows you how to create dynamic, cross-browser Web applications that deliver a world-class user experience while preserving a high level of code quality and maintainability. JavaServer Faces 2.0: The Complete Reference features an integrated sample application to use as a model for your own JSF applications, with code available online. The book explains all JSF features, including the request processing lifecycle, managed beans, page navigation, component development, Ajax, validation, internationalization, and security. Expert Group Insights throughout the book offer insider information on the design of JSF.
Set up a development environment and build a JSF application; Understand the JSF request processing lifecycle; Use the Facelets View Declaration Language, managed beans, and the JSF expression language (EL); Define page flow with the JSF Navigation Model, including the new "Implicit Navigation" feature; Work with the user interface component model and the JSF event model, including support for bookmarkable pages and the POST, REDIRECT, GET pattern; Use the new JSR-303 Bean Validation standard for model data validation; Build Ajax-enabled custom UI components; Extend JSF with custom non-UI components; Manage security, accessibility, internationalization, and localization; Learn how to work with JSF and Portlets from the JSF Team Leader at Liferay, the leading Java Portal vendor
Ed Burns is a senior staff engineer at Sun Microsystems and is the co-specification lead for JavaServer Faces. He is the co-author of JavaServer Faces: The Complete Reference and author of Secrets of the Rock Star Programmers.
Chris Schalk is a developer advocate and works to promote Google's APIs and technologies. He is currently engaging the international Web development community with the new Google App Engine and OpenSocial APIs. Neil Griffin is committer and JSF Team Lead for Liferay Portal and the co-founder of The PortletFaces Project. Ready-to-use code at www.mhprofessonal.com/computingdownload
Dafydd Stuttard, Marcus Pinto
This book is a practical guide to discovering and exploiting security flaws in web applications. The authors explain each category of vulnerability using real-world examples, screen shots and code extracts. The book is extremely practical in focus, and describes in detail the steps involved in detecting and exploiting each kind of security weakness found within a variety of applications such as online banking, e-commerce and other web applications. The topics covered include bypassing login mechanisms, injecting code, exploiting logic flaws and compromising other users. Because every web application is different, attacking them entails bringing to bear various general principles, techniques and experience in an imaginative way. The most successful hackers go beyond this, and find ways to automate their bespoke attacks. This handbook describes a proven methodology that combines the virtues of human intelligence and computerized brute force, often with devastating results. The authors are professional penetration testers who have been involved in web application security for nearly a decade. They have presented training courses at the Black Hat security conferences throughout the world. Under the alias "PortSwigger", Dafydd developed the popular Burp Suite of web application hack tools.
Niels Ferguson, Bruce Schneier, Tadayoshi Kohno
The ultimate guide to cryptography, updated from an author team of the world's top cryptography experts. Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of cryptography: message security, key negotiation, and key management. You'll learn how to think like a cryptographer. You'll discover techniques for building cryptography into products from the start and you'll examine the many technical changes in the field. After a basic overview of cryptography and what it means today, this indispensable resource covers such topics as block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and more. Helpful examples and hands-on exercises enhance your understanding of the multi-faceted field of cryptography.
An author team of internationally recognized cryptography experts updates you on vital topics in the field of cryptography; Shows you how to build cryptography into products from the start; Examines updates and changes to cryptography; Includes coverage on key servers, message security, authentication codes, new standards, block ciphers, message authentication codes, and more
Cryptography Engineering gets you up to speed in the ever-evolving field of cryptography.
Experienced developers who are looking to create reliably secure sites with ASP.NET 2.0 will find that Professional ASP.NET 2.0 Security, Membership, and Role Management covers a broad range of security features including developing in partial trust, forms authentication, and securing configuration. The book offers detailed information on every major area of ASP.NET security you’ll encounter when developing Web applications. You’ll see how ASP.NET 2.0 contains many new built-in security functions compared to ASP.NET 1.x, such as Membership and Role Manager, and you’ll learn how you can extend or modify various features. The book begins with two chapters that walk you through the processing ASP.NET 2.0 performs during a web request and the security processing for each request, followed by a detailed explanation of ASP.NET Trust Levels. With this understanding of security in place, you can then begin working through the following chapters on configuring system security, forms authentication, and integrating ASP.NET security with classic ASP, including integrating Membership and Role Manager with classic ASP. The chapter on session state looks at the limitations of cookieless session identifiers, methods for heading off session denial of service attacks, and how session state is affected by trust level. After the chapter explaining the provider model architecture in ASP.NET 2.0 and how it is useful for writing custom security providers, you go to the MembershipProvider class and configuring the two default providers in the Membership feature, SqlMembershipProvider and ActiveDirectoryMembershipProvider. You’ll see how to use RoleManager to make it easy to associate users with roles and perform checks declaratively and in code, and wrap up working with three providers for RoleProvider: WindowsTokenRoleProvider, SqlRoleProvider, and AuthorizationStoreRoleProvider (to work with Authorization Manager or AzMan).
This book is also available as part of the 5-book ASP.NET 2.0 Wrox Box (ISBN: 0-470-11757-5). This 5-book set includes: Professional ASP.NET 2.0 Special Edition (ISBN: 0-470-04178-1); ASP.NET 2.0 Website Programming: Problem - Design - Solution (ISBN: 0764584642); Professional ASP.NET 2.0 Security, Membership, and Role Management (ISBN: 0764596985); Professional ASP.NET 2.0 Server Control and Component Development (ISBN: 0471793507); ASP.NET 2.0 MVP Hacks and Tips (ISBN: 0764597663); CD-ROM with more than 1000 pages of bonus chapters from 15 other .NET 2.0 and SQL Server(TM) 2005 Wrox books; DVD with 180-day trial version of Microsoft(r) Visual Studio(r) 2005 Professional Edition
Michael Howard, David LeBlanc, John Viega
This essential book for all software developers--regardless of platform, language, or type of application--outlines the “19 deadly sins” of software security and shows how to fix each one. Best-selling authors Michael Howard and David LeBlanc, who teach Microsoft employees how to secure code, have partnered with John Viega, the man who uncovered the 19 deadly programming sins, to write this much-needed book. Coverage includes: Windows, UNIX, Linux, and Mac OS X; C, C++, C#, Java, PHP, Perl, and Visual Basic; Web, small client, and smart-client applications
The book starts by teaching the basic fundamentals of Spring Security 3 such as setup and configuration. Later it looks at more advanced topics showing the reader how to solve complex real world security issues. This book is for Java developers who build web projects and applications. The book assumes basic familiarity with Java, XML and the Spring Framework. Newcomers to Spring Security will still be able to utilize all aspects of this book.
Apache Struts has long provided Java developers with a powerful framework for building extensible, maintainable web applications. Yet the version 2 release takes developers’ capabilities to the next level, having integrated Ajax support, the ability to easily integrate with the Spring framework, and the ability to take full advantage of POJOs. Practical Apache Struts 2 Web 2.0 Projects shows you how to capitalize upon these features to build next-generation web applications that both enthrall and empower your users.
Gain an in-depth understanding of the Struts framework, with special attention paid to key version 2 features; Learn how to take advantage of Web 2.0 concepts alongside Struts 2 to build next-generation web sites; Follow along with the introduction of important concepts and development techniques by way of a web site project closely resembling what you might encounter in any enterprise environment
What you’ll learn: Build a practical Struts 2 Web 2.0-enabled application project from the ground up; Enable participation by manipulating data; Share data by implementing powerful search utilities; Syndicate web content created using RSS and REST; Discover advanced features available in Struts 2 web framework; Integrate Ajax frameworks to produce user-friendly, responsive interfaces; Integrate and use Struts 2 with other frameworks such as Spring to form a broader enterprise Java application stack
Who this book is for: Developers who want a hands-on practical book demonstrating how Web 2.0 features are implemented in Struts 2. The audience could range from beginner to advanced, as the configuration and basic framework usage will be explained, as well as the advanced extension features. The book would also appeal to developers who wish to understand the Web 2.0 development paradigm from an implementation standpoint.