Software

Lewis provides the most up-to-date introduction to the C# programming language.  Takes an object oriented approach by covering C# for a beginning programmer.  It provides both text-based and GUI-based examples to demonstrate computing concepts.  It uses UML: Unified Modeling Language throughout to illustrate program designs.  MARKET: For readers who want to learn how to program using the C# language.

The focus of Introduction to Software Engineering Design is the processes, principles and practices used to design software products.  The discipline of design, generic design processes, and managing design are introduced in Part I.  Part II covers software product design, use case modeling, and user interface design.  Part III of the book is its core and covers enginnering data anyalysis, including conceptual modeling, and both architectural and detailed engineering design.  This book is for anyone interested in learning software design.

“There are a number of secure programming books on the market, but none that go as deep as this one. The depth and detail exceeds all books that I know about by an order of magnitude.” —Halvar Flake, CEO and head of research, SABRE Security GmbH   The Definitive Insider’s Guide to Auditing Software Security   This is one of the most detailed, sophisticated, and useful guides to software security auditing ever written. The authors are leading security consultants and researchers who have personally uncovered vulnerabilities in applications ranging from sendmail to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for “ripping apart” applications to reveal even the most subtle and well-hidden security flaws.   The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how to audit security in applications of all sizes and functions, including network and Web software. Moreover, it teaches using extensive examples of real code drawn from past flaws in many of the industry's highest-profile applications.   Coverage includes   • Code auditing: theory, practice, proven methodologies, and secrets of the trade • Bridging the gap between secure software design and post-implementation review • Performing architectural assessment: design review, threat modeling, and operational review • Identifying vulnerabilities related to memory management, data types, and malformed data • UNIX/Linux assessment: privileges, files, and processes • Windows-specific issues, including objects and the filesystem • Auditing interprocess communication, synchronization, and state • Evaluating network software: IP stacks, firewalls, and common application protocols • Auditing Web applications and technologies   This book is an unprecedented resource for everyone who must deliver secure software or assure the safety of existing software: consultants, security specialists, developers, QA staff, testers, and administrators alike.   Contents ABOUT THE AUTHORS     xv PREFACE     xvii ACKNOWLEDGMENTS    xxi I Introduction to Software Security Assessment 1 SOFTWARE VULNERABILITY FUNDAMENTALS    3 2 DESIGN REVIEW     25 3 OPERATIONAL REVIEW    67 4 APPLICATION REVIEW PROCESS    91 II Software Vulnerabilities 5 MEMORY CORRUPTION    167 6 C LANGUAGE ISSUES     203 7 PROGRAM BUILDING BLOCKS     297 8 STRINGS ANDMETACHARACTERS    387 9 UNIX I: PRIVILEGES AND FILES     459 10 UNIX II: PROCESSES     559 11 WINDOWS I: OBJECTS AND THE FILE SYSTEM     625 12 WINDOWS II: INTERPROCESS COMMUNICATION     685 13 SYNCHRONIZATION AND STATE    755 III Software Vulnerabilities in Practice 14 NETWORK PROTOCOLS    829 15 FIREWALLS    891 16 NETWORK APPLICATION PROTOCOLS    921 17 WEB APPLICATIONS    1007 18 WEB TECHNOLOGIES     1083 BIBLIOGRAPHY     1125 INDEX     1129

Use Visual Studio 2010’s Breakthrough Testing Tools to Improve Quality Throughout the Entire Software Lifecycle   Together, Visual Studio 2010 Ultimate, Visual Studio Test Professional 2010, Lab Management 2010, and Team Foundation Server offer Microsoft developers the most sophisticated, well-integrated testing solution they’ve ever had. Now, Microsoft MVP and VS testing guru Jeff Levinson shows exactly how to use Microsoft’s new tools to save time, reduce costs, and improve quality throughout the entire development lifecycle.   Jeff demonstrates how Microsoft’s new tools can help you finally overcome long-standing communication, coordination, and management challenges. You’ll discover how to perform first-rate functional testing; quickly create and execute tests and record the results with log files and video; and create bugs directly from tests, ensuring reproducibility and eliminating wasted time. Levinson offers in-depth coverage of Microsoft’s powerful new testing metrics, helping you ensure traceability all the way from requirements through finished software.   Coverage includes   •    Planning your tests using Microsoft Test Manager (MTM) •    Creating test settings, structuring test cases, and managing the testing process •    Executing manual tests with Microsoft Test Manager and Test Runner •    Filing and resolving bugs, and customizing your bug reporting process •    Automating test cases and linking automated tests with requirements •    Executing automated test cases through both Visual Studio and Microsoft Test Manager •    Integrating automated testing into the build process •    Using Microsoft’s Lab Management virtualization platform to test applications, snapshot environments, and reproduce bugs •    Implementing detailed metrics for evaluating quality and identifying improvements   Whether you’re a developer, tester, manager, or analyst, this book can help you significantly improve the way you work and the results you deliver—both as an individual right now, and as a team member throughout your entire project.  

Using agile methods and the tools of Visual Studio 2010, development teams can deliver higher-value software faster, systematically eliminate waste, and increase transparency throughout the entire development lifecycle. Now, Microsoft Visual Studio product owner Sam Guckenheimer and leading Visual Studio implementation consultant Neno Loje show how to make the most of Microsoft’s new Visual Studio 2010 Application Lifecycle Management (ALM) tools in your environment.   This book is the definitive guide to the application of agile development with Scrum and modern software engineering practices using Visual Studio 2010. You’ll learn how to use Visual Studio 2010 to empower and engage multidisciplinary, self-managing teams and provide the transparency they need to maximize productivity. Along the way, Guckenheimer and Loje help you overcome every major impediment that leads to stakeholder dissatisfaction—from mismatched schedules to poor quality, blocked builds to irreproducible bugs, and technology “silos” to geographic “silos.”   Coverage includes• Accelerating the “flow of value” to customers in any software project, no matter how large or complex• Empowering high-performance software teams and removing overhead in software delivery• Automating “burndowns” and using dashboards to gain a real-time, multidimensional view of quality and progress• Using Visual Studio 2010 to reduce or eliminate “no repro” bugs• Automating deployment and virtualizing test labs to make continuous builds deployable• Using Test Impact Analysis to quickly choose the right tests based on recent code changes• Working effectively with sources, branches, and backlogs across distributed teams• Sharing code, build automation, test, project and other data across .NET and Java teams• Uncovering hidden architectural patterns in legacy software, so you can refactor changes more confidently• Scaling Scrum to large, distributed organizations   Whatever your discipline, this book will help you use Visual Studio 2010 to focus on what really matters: building software that delivers exceptional value sooner and keeps customers happy far into the future.   Foreword by Ken Schwaber It is my honor to write a foreword for Sam’s book, Agile Software Delivery with Visual Studio. Sam is both a practitioner of software development, as well as a scholar. I have worked with Sam for the last two years to merge Scrum with modern engineering practices and an excellent toolset, Microsoft’s VS 2010. We are both indebted to Aaron Bjork of Microsoft, who developed the Scrum template that instantiates Scrum in VS 2010 through the Scrum Template.   I do not want Scrum to be prescriptive. I left many holes, such as what as the syntax and organization of the Product Backlog, the engineering practices that turned Product Backlog items into a potentially shippable increment, and the magic that would create self-organizing teams. Sam has superbly described one way of filling in these holes in his book. He describes the techniques and tooling, as well as the rationale of the approach that he prescribes. He does this in detail, with scope and humor. Since I have worked with Microsoft since 2004 and Sam since 2009 on these practices and tooling, I am delighted. Our first launch was a course, the Professional Scrum Developer .NET course, that taught developers how to use solid increments using modern engineering practices on VS 2010 — working in self-organizing, cross-functional teams. Sam’s book is the bible to this course and more, laying it all out in detail and philosophy. If you are on a Scrum Team building software with .NET technologies, this is the book for you. If you are using Java, this book is compelling enough to read anyway, and maybe worth switching to .NET.   When we devised and signed the Agile Manifesto in 2001, our first value was “Individuals and interactions over processes and tools.”

Since its early days as an information exchange tool limited to academe, researchers, and the military, the web has grown into a commerce engine that is now omnipresent in all facets of our lifes. More websites are created daily and more applications are developed to allow users to learn, research, and purchase online. As a result, web development is often rushed, which increases the risk of attacks from hackers. Furthermore, the need for secure applications has to be balanced with the need for usability, performance, and reliability. In this book, Whittaker and Andrews demonstrate how rigorous web testing can help prevent and prepare for such attacks. They point out that methodical testing must include identifying threats and attack vectors to establish and then implement the appropriate testing techniques, manual or automated.

Build Breakthrough Performance into Any SOA or Advanced Computing ApplicationTo meet unprecedented demand, IT organizations must improve application performance by an order of magnitude. Improving performance is even more crucial in SOA environments, which demand far more computing power than older architectures. Today’s multi-core servers can deliver the performance businesses require, but few applications take full advantage of them. Now, software innovator Cory Isaacson introduces an easier, more flexible approach to parallel processing—one that any IT organization can use to attain unprecedented levels of performance. Isaacson shows how Software Pipeline models can help you scale applications to any level required, maximize resources, deliver on challenging objectives, and achieve unprecedented ROI. He illuminates these techniques with real-life business scenarios and proven design patterns—everything architects, analysts, and developers need to start using them immediately. This book’s in-depth coverage includes    How Software Pipelines work, what they can accomplish, and how you can apply them using the Software Pipelines Optimization Cycle (SPOC)    Scaling applications via parallel processing while guaranteeing order of processing in mission-critical applications     Solving performance problems in existing applications, and resolving bottlenecks in existing processes     A complete, easy-to-adapt Pipelines Reference Framework    Detailed code examples reflecting proven Pipelines Patterns    Techniques that can be applied in any industry, with any programming language    Specific architectural and design solutions for common business and technical challenges    The future of Software Pipelines: emerging opportunities for “greenfield” development    Tools, sample templates, source code, and up-to-date information at SoftwarePipelines.org

How to Break Software Security describes the general problem of software security in a practical perspective from a software tester's point of view. It defines prescriptive techniques (attacks that testers can use on their own software) that are designed to ferret out security vulnerabilities in software applications. The book's style is easy to read and provides readers with the techniques and advice to hunt down security bugs and see that they're destroyed before the software is released. Accompanying the book is a CD-ROM containing Holodeck, which tests for security vulnerabilities. There are also a number of bug-finding tools, freeware, and an easy-to-use port scanner included on the CD-ROM.

Software Engineering with Microsoft Visual Studio Team System is written for a software team that is considering running a software project using Visual Studio Team System (VSTS). It is about the "why" of VSTS: its guiding ideas, why they are presented in certain ways, and how they fit into the process of managing the software lifecycle. This book is the next best thing to having an onsite coach who can lead the team through a consistent set of processes. It is a framework for thinking about software projects in a way that can be directly tooled by VSTS. It presents essential theory and practical examples to describe a realistic process for IT projects. This is a book that any team using or considering VSTS should read.

C# has matured over the past decade: It’s now a rich language with generics, functional programming concepts, and support for both static and dynamic typing. This palette of techniques provides great tools for many different idioms, but there are also many ways to make mistakes. In Effective C#, Second Edition, respected .NET expert Bill Wagner identifies fifty ways you can leverage the full power of the C# 4.0 language to express your designs concisely and clearly.   Effective C#, Second Edition, follows a clear format that makes it indispensable to hundreds of thousands of developers: clear, practical explanations, expert tips, and plenty of realistic code examples. Drawing on his unsurpassed C# experience, Wagner addresses everything from types to resource management to dynamic typing to multicore support in the C# language and the .NET framework. Along the way, he shows how to avoid common pitfalls in the C# language and the .NET environment. You’ll learn how to   Use both types of C# constants for efficiency and maintainability (see Item 2) Employ immutable data types to promote multicore processing (see Item 20) Minimize garbage collection, boxing, and unboxing (see Items 16 and 45) Take full advantage of interfaces and delegates (see Items 22 though 25) Make the most of the parallel framework (see Items 35 through 37) Use duck typing in C# (see Item 38) Spot the advantages of the dynamic and Expression types over reflection (see Items 42 and 43) Assess why query expressions are better than loops (see Item 8) Understand how generic covariance and contravariance affect your designs (see Item 29) See how optional parameters can minimize the number of method overloads (see Item 10)   You’re already a successful C# programmer–this book will help you become an outstanding one.

Agile techniques have demonstrated immense potential for developing more effective, higher-quality software. However, scaling these techniques to the enterprise presents many challenges. The solution is to integrate the principles and practices of Lean Software Development with Agile’s ideology and methods. By doing so, software organizations leverage Lean’s powerful capabilities for “optimizing the whole” and managing complex enterprise projects.   A combined “Lean-Agile” approach can dramatically improve both developer productivity and the software’s business value.In this book, three expert Lean software consultants draw from their unparalleled experience to gather all the insights, knowledge, and new skills you need to succeed with Lean-Agile development.   Lean-Agile Software Development shows how to extend Scrum processes with an Enterprise view based on Lean principles. The authors present crucial technical insight into emergent design, and demonstrate how to apply it to make iterative development more effective. They also identify several common development “anti-patterns” that can work against your goals, and they offer actionable, proven alternatives.   Lean-Agile Software Development shows how to   Transition to Lean Software Development quickly and successfully Manage the initiation of product enhancements Help project managers work together to manage product portfolios more effectively Manage dependencies across the software development organization and with its partners and colleagues Integrate development and QA roles to improve quality and eliminate waste Determine best practices for different software development teams   The book’s companion Web site, www.netobjectives.com/lasd, provides updates, links to related materials, and supportfor discussions of the book’s content.

<>Make the Most of Visual Studio Team System in Real-World Agile Development Visual Studio Team System (VSTS) gives Microsoft development teams a powerful, integrated toolset for Agile development. Visual Studio Team System: Better Software Development for Agile Teams is a comprehensive, start-to-finish guide to making the most of VSTS in real-world Agile environments. Using a book-length case study, the authors show how to use VSTS to improve every aspect of software development, step by step–from project planning through design and from coding through testing and deployment. Agile consultant Will Stott and Microsoft development lead James Newkirk carefully integrate theory and practice, offering hands-on exercises, practical insights into core Extreme Programming (XP) techniques, and much more. Coverage includes Using VSTS to support the transition to Agile values and techniquesForming Agile teams and building effective process frameworksLeveraging Team Foundation Version Control to help teams manage change and share their code effectivelyImplementing incremental builds and integration with Team Foundation BuildMaking the most of VSTS tools for Test-Driven Development and refactoring Bringing agility into software modeling and using patterns to model solutions more effectivelyUsing the FIT integrated testing framework to make sure customers are getting what they needEstimating, prioritizing, and planning Agile projects Preface Acknowledgments About the Authors Introduction: Broken Process Section 1: Apply Sharp Tools and Values Chapter 1: Introduction to Visual Studio Team System Chapter 2: Agile Values Review of Section 1: Sharp Tools and Values Section 2: Introduce Agile Development Chapter 3: Overview of Agile Development Chapter 4: Forming an Agile Team Chapter 5: Team Foundation Process Frameworks Chapter 6: Improving Your Process Framework  Review of Section 2: Introduce Agile Development Section 3: Use Version Control Chapter 7: Managing Change Chapter 8: Setting Up TFS Version Control Chapter 9: Using TFVC in Your Project Chapter 10: Policing Your Project with TFVC Review of Section 3: Use Version Control Section 4: Build and Integrate Often Chapter 11: Building and Integrating Software Chapter 12: Working with Team Foundation Build Review of Section 4: Build and Integrate Often Section 5: Practice Test-Driven Development  Chapter 13: Introduction to TDD Chapter 14: Developing Your First Tests Chapter 15: Learning to Refactor Chapter 16: Code Coverage and Performance Chapter 17: Integrating TFP Code with a User Interface Review of Section 5: Practice Test-Driven Development Section 6: Explore by Modeling Chapter 18: Modeling with Agility Chapter 19: Creating Models Chapter 20: Using Models in an Agile Project Chapter 21: Modeling Solutions with Patterns Review of Section 6: Explore by Modeling Section 7: Implement Customer Testing Chapter 22: Involving Customers in Testing Chapter 23: Creating FIT Fixtures Chapter 24: Running FIT with Team Foundation Build Review of Section 7: Implement Customer Testing Section 8: Estimate, Prioritize, and Plan Chapter 25: Estimating and Prioritizing Stories Chapter 26: Agile Planning Chapter 27: Managing Agile Projects Review of Section 8: Estimate, Prioritize, and Plan Section 9: Practice for Deployment Chapter 28: Moving into Production Chapter 29: Developing Installation Programs Chapter 30: Deployment of Distributed Systems Review of Section 9: Practice for Deployment Section 10: Provide and Reveal Value  Chapter 31: Producing Technical Reports Chapter 32: Generating Business Value Review of Section 10: Provide and Reveal Value Retrospective: Fixing the Process Appendixes Appendix A: Setting Up VSTS for the Exercises Appendix B: Software Project Environment for a Small Team Appendix C: Agile Workspace 753 List of Exercises List of Extreme Programming Practices Glossary  Bibliography Resources

For software to consistently deliver promised results, software development must mature into a true profession. Emergent Design points the way. As software continues to evolve and mature, software development processes become more complicated, relying on a variety of methodologies and approaches. This book illuminates the path to building the next generation of software. Author Scott L. Bain integrates the best of today’s most important development disciplines into a unified, streamlined, realistic, and fully actionable approach to developing software. Drawing on patterns, refactoring, and test-driven development, Bain offers a blueprint for moving efficiently through the entire software lifecycle, smoothly managing change, and consistently delivering systems that are robust, reliable, and cost-effective.   Reflecting a deep understanding of the natural flow of system development, Emergent Design helps developers work with the flow, instead of against it. Bain introduces the principles and practices of emergent design one step at a time, showing how to promote the natural evolution of software systems over time, making systems work better and provide greater value. To illuminate his approach, Bain presents code examples wherever necessary and concludes with a complete project case study.   This book provides developers, project leads, and testers powerful new ways to collaborate, achieve immediate goals, and build systems that improve in quality with each iteration.   Coverage includes  How to design software in a more natural, evolutionary, and professional way How to use the “open-closed” principle to mitigate risks and eliminate waste How and when to test your design throughout the development process How to translate design principles into practices that actually lead to better code How to determine how much design is enough How refactoring can help you reduce over-design and manage change more effectively The book’s companion Web site, www.netobjectives.com/resources, provides updates, links to related materials, and support for discussions of the book’s content.

Pioneering the Future of Software Test   Do you need to get it right, too? Then, learn from Google. Legendary testing expert James Whittaker, until recently a Google testing leader, and two top Google experts reveal exactly how Google tests software, offering brand-new best practices you can use even if you’re not quite Google’s size…yet!   Breakthrough Techniques You Can Actually Use   Discover 100% practical, amazingly scalable techniques for analyzing risk and planning tests…thinking like real users…implementing exploratory, black box, white box, and acceptance testing…getting usable feedback…tracking issues…choosing and creating tools…testing “Docs & Mocks, ” interfaces, classes, modules, libraries, binaries, services, and infrastructure…reviewing code and refactoring…using test hooks, presubmit scripts, queues, continuous builds, and more. With these techniques, you can transform testing from a bottleneck into an accelerator—and make your whole organization more productive!  

“There are a number of secure programming books on the market, but none that go as deep as this one. The depth and detail exceeds all books that I know about by an order of magnitude.” —Halvar Flake, CEO and head of research, SABRE Security GmbH   The Definitive Insider’s Guide to Auditing Software Security   This is one of the most detailed, sophisticated, and useful guides to software security auditing ever written. The authors are leading security consultants and researchers who have personally uncovered vulnerabilities in applications ranging from sendmail to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for “ripping apart” applications to reveal even the most subtle and well-hidden security flaws.   The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how to audit security in applications of all sizes and functions, including network and Web software. Moreover, it teaches using extensive examples of real code drawn from past flaws in many of the industry's highest-profile applications.   Coverage includes   • Code auditing: theory, practice, proven methodologies, and secrets of the trade • Bridging the gap between secure software design and post-implementation review • Performing architectural assessment: design review, threat modeling, and operational review • Identifying vulnerabilities related to memory management, data types, and malformed data • UNIX/Linux assessment: privileges, files, and processes • Windows-specific issues, including objects and the filesystem • Auditing interprocess communication, synchronization, and state • Evaluating network software: IP stacks, firewalls, and common application protocols • Auditing Web applications and technologies   This book is an unprecedented resource for everyone who must deliver secure software or assure the safety of existing software: consultants, security specialists, developers, QA staff, testers, and administrators alike.   Contents ABOUT THE AUTHORS     xv PREFACE     xvii ACKNOWLEDGMENTS    xxi I Introduction to Software Security Assessment 1 SOFTWARE VULNERABILITY FUNDAMENTALS    3 2 DESIGN REVIEW     25 3 OPERATIONAL REVIEW    67 4 APPLICATION REVIEW PROCESS    91 II Software Vulnerabilities 5 MEMORY CORRUPTION    167 6 C LANGUAGE ISSUES     203 7 PROGRAM BUILDING BLOCKS     297 8 STRINGS ANDMETACHARACTERS    387 9 UNIX I: PRIVILEGES AND FILES     459 10 UNIX II: PROCESSES     559 11 WINDOWS I: OBJECTS AND THE FILE SYSTEM     625 12 WINDOWS II: INTERPROCESS COMMUNICATION     685 13 SYNCHRONIZATION AND STATE    755 III Software Vulnerabilities in Practice 14 NETWORK PROTOCOLS    829 15 FIREWALLS    891 16 NETWORK APPLICATION PROTOCOLS    921 17 WEB APPLICATIONS    1007 18 WEB TECHNOLOGIES     1083 BIBLIOGRAPHY     1125 INDEX     1129

Basic ApproachFoundations of Software Testing is the premiere example-based text and reference for establishing sound engineering practices in test generation, selection, minimization and enhancement, for software projects ranging from the most simple to the highly complex, to those used by government agencies such as the FAA. Foundations of Software Testing also covers data-flow based adequacy and mutation-based adequacy, which are the most powerful of the available test adequacy criteria. It distills knowledge developed by hundreds of testing researchers and practitioners from all over the world and brings it to readers in an easy to understand form.Test generation, selection, priortization and assessment lie at the foundation of all technical activities that arise in a test process. Appropriate deployment of the elements of this strong foundation enables the testing of different types of software applications, including Object Oriented systems, Web services, graphical user interfaces, embedded systems, as well as properties relating to security, performance, and reliability. With over 200 examples and exercises of mathematical, step-by-step approaches, Foundations describes a wide variety of testing techniqes, including finite state models, combinatorial designs, and minimization for regression testing.Table of ContentsPart I: PRELIMINARIES1. Basics of Software TestingPart II: TEST GENERATION2. Test Generation from Requirements3. Test Generation from Finite-State Models4. Test Generation from Combinatorial Designs5. Test Selection, Minimization and Prioritization for Regression TestingPart III: TEST ADEQUACY ASSESSMENT AND ENHANCEMENT6. Test-Adequacy: Assessment Using Control Flow and Data Flow7. Test Adequacy Assessment Using Program MutationAbout the AuthorAditya P. Mathur is Professor and Head, Department of Computer Science, at Purdue University. He is one of the founders of the department of Computer Science at BITS, Pilani, India where he designed, developed, and taught the first course on microprocessors to undergraduate students from his seminal book Introduction to Microprocessors. Dr. Mathur has been a prolific researcher with over 100 published works in international journals and conferences. His key contributions include a multilingual computer, the saturation effect in software testing, a theory of software cybernetics, and novel techniques for the estimation of software reliability.Students, practitioners, and researchers will find this book an excellent source of simple to advanced techniques to use and improve their knowledge of and expertise in software testing.Praise for Foundations of Software Testing:"The book describes techniques in a lucid manner with great clarity with the help of numerous examples. Illustration of the techniques through appropriate examples makes the book very easy to study and assimilate the deep concepts and thus a unique book in the area of software testing.", Ashish Kundu, Graduate Student, Department of Computer Science, Purdue University." As a teacher of software testing and validation, I had to search for books that can be used as references in my class and I found that "Foundations of Software Testing" is the best one for at least the following reasons:- It covers a wide range of concepts related to software testing.- It introduces the different concepts smoothly with examples illustrating them. This helps students a lot in understanding the ideas behind each concept introduced.- The exercises at the end of each chapter test if the students understood the concepts properly and as expected.- The references of the book and the discussion at the end of each chapter both give the reader an opportunity to learn more. The slides are well prepared and organized. This facilitates the task of the professor when lecturing.", Professor Abdeslam En-nouaary, Concordia University."This book teaches software testing as a science and not as an art. It not only presents an engineering a

For software to consistently deliver promised results, software development must mature into a true profession. Emergent Design points the way. As software continues to evolve and mature, software development processes become more complicated, relying on a variety of methodologies and approaches. This book illuminates the path to building the next generation of software. Author Scott L. Bain integrates the best of today’s most important development disciplines into a unified, streamlined, realistic, and fully actionable approach to developing software. Drawing on patterns, refactoring, and test-driven development, Bain offers a blueprint for moving efficiently through the entire software lifecycle, smoothly managing change, and consistently delivering systems that are robust, reliable, and cost-effective.   Reflecting a deep understanding of the natural flow of system development, Emergent Design helps developers work with the flow, instead of against it. Bain introduces the principles and practices of emergent design one step at a time, showing how to promote the natural evolution of software systems over time, making systems work better and provide greater value. To illuminate his approach, Bain presents code examples wherever necessary and concludes with a complete project case study.   This book provides developers, project leads, and testers powerful new ways to collaborate, achieve immediate goals, and build systems that improve in quality with each iteration.   Coverage includes  How to design software in a more natural, evolutionary, and professional way How to use the “open-closed” principle to mitigate risks and eliminate waste How and when to test your design throughout the development process How to translate design principles into practices that actually lead to better code How to determine how much design is enough How refactoring can help you reduce over-design and manage change more effectively The book’s companion Web site, www.netobjectives.com/resources, provides updates, links to related materials, and support for discussions of the book’s content.

For any software developer who has spent days in “integration hell, ” cobbling together myriad software components, Continuous Integration: Improving Software Quality and Reducing Risk illustrates how to transform integration from a necessary evil into an everyday part of the development process. The key, as the authors show, is to integrate regularly and often using continuous integration (CI) practices and techniques.   The authors first examine the concept of CI and its practices from the ground up and then move on to explore other effective processes performed by CI systems, such as database integration, testing, inspection, deployment, and feedback. Through more than forty CI-related practices using application examples in different languages, readers learn that CI leads to more rapid software development, produces deployable software at every step in the development lifecycle, and reduces the time between defect introduction and detection, saving time and lowering costs. With successful implementation of CI, developers reduce risks and repetitive manual processes, and teams receive better project visibility.   The book covers How to make integration a “non-event” on your software development projects How to reduce the amount of repetitive processes you perform when building your software Practices and techniques for using CI effectively with your teams Reducing the risks of late defect discovery, low-quality software, lack of visibility, and lack of deployable software Assessments of different CI servers and related tools on the market The book’s companion Web site, www.integratebutton.com, provides updates and code examples.  

For any software developer who has spent days in “integration hell, ” cobbling together myriad software components, Continuous Integration: Improving Software Quality and Reducing Risk illustrates how to transform integration from a necessary evil into an everyday part of the development process. The key, as the authors show, is to integrate regularly and often using continuous integration (CI) practices and techniques.   The authors first examine the concept of CI and its practices from the ground up and then move on to explore other effective processes performed by CI systems, such as database integration, testing, inspection, deployment, and feedback. Through more than forty CI-related practices using application examples in different languages, readers learn that CI leads to more rapid software development, produces deployable software at every step in the development lifecycle, and reduces the time between defect introduction and detection, saving time and lowering costs. With successful implementation of CI, developers reduce risks and repetitive manual processes, and teams receive better project visibility.   The book covers How to make integration a “non-event” on your software development projects How to reduce the amount of repetitive processes you perform when building your software Practices and techniques for using CI effectively with your teams Reducing the risks of late defect discovery, low-quality software, lack of visibility, and lack of deployable software Assessments of different CI servers and related tools on the market The book’s companion Web site, www.integratebutton.com, provides updates and code examples.  

“This book fills a huge gap in our knowledge of software testing. It does an excellent job describing how test automation differs from other test activities, and clearly lays out what kind of skills and knowledge are needed to automate tests. The book is essential reading for students of testing and a bible for practitioners.”—Jeff Offutt, Professor of Software Engineering, George Mason University“This new book naturally expands upon its predecessor, Automated Software Testing, and is the perfect reference for software practitioners applying automated software testing to their development efforts. Mandatory reading for software testing professionals!”—Jeff Rashka, PMP, Coauthor of Automated Software Testing and Quality Web SystemsTesting accounts for an increasingly large percentage of the time and cost of new software development. Using automated software testing (AST), developers and software testers can optimize the software testing lifecycle and thus reduce cost. As technologies and development grow increasingly complex, AST becomes even more indispensable.  This book builds on some of the proven practices and the automated testing lifecycle methodology (ATLM) described in Automated Software Testing and provides a renewed practical, start-to-finish guide to implementing AST successfully.In Implementing Automated Software Testing, three leading experts explain AST in detail, systematically reviewing its components, capabilities, and limitations. Drawing on their experience deploying AST in both defense and commercial industry, they walk you through the entire implementation process—identifying best practices, crucial success factors, and key pitfalls along with solutions for avoiding them. You will learn how to:     Make a realistic business case for AST, and use it to drive your initiative    Clarify your testing requirements and develop an automation strategy that reflects them    Build efficient test environments and choose the right automation tools and techniques for your environment    Use proven metrics to continuously track your progress and adjust accordinglyWhether you’re a test professional, QA specialist, project manager, or developer, this book can help you bring unprecedented efficiency to testing—and then use AST to improve your entire development lifecycle.

“This book represents a thorough and extensive treatment of the software build process including the choices, benefits, and challenges of a well designed build process. I recommend it not only to all software build engineers but to all software developers since a well designed build process is key to an effective software development process.” —Kevin Bodie, Director Software Development, Pitney Bowes Inc.   “An excellent and detailed explanation of build systems, an important but often overlooked part of software development projects. The discussion of productivity as related to build systems is, alone, well worth the time spent reading this book.” —John M. Pantone, Objectech Corporation, VP, IT Educator and Course Developer   “Peter Smith provides an interesting and accessible look into the world of software build systems, distilling years of experience and covering virtually every type of tool in the build engineer’s toolbox. Well organized, well written, and very thorough; I would recommend this book to anyone with a build system under their responsibility.” —Jeff Overbey, Project Co-Lead, Photran   “Software Build Systems teaches how to think about building software. It surveys the tools and techniques for building software products and the ways things go wrong. This book will appeal to those new to build systems as well as experienced build system engineers.” —Monte Davidoff, Software Development Consultant, Alluvial Software, Inc.   Inadequate build systems can dramatically impact developer productivity. Bad dependencies, false compile errors, failed software images, slow compilation, and time-wasting manual processes are just some of the byproducts of a subpar build system. In Software Build Systems, software productivity expert Peter Smith shows you how to implement build systems that overcome all these problems, so you can deliver reliable software more rapidly, at lower cost.   Smith explains the core principles underlying highly efficient build systems, surveying both system features and usage scenarios. Next, he encapsulates years of experience in creating and maintaining diverse build systems–helping you make well-informed choices about tools and practices, and avoid common traps and pitfalls. Throughout, he shares a wide range of practical examples and lessons from multiple environments, including Java, C++, C, and C#. Coverage includes   • Mastering build system concepts, including source trees, build tools, and compilation tools • Comparing five leading build tools: GNU Make, Ant, SCons, CMake, and the Eclipse IDE’s integrated build features • Ensuring accurate dependency checking and efficient incremental compilation • Using metadata to assist debugging, profiling, and source code documentation • Packaging software for installation on your target machine • Best practices for managing complex version-control systems, build machines, and compilation tools   If you’re a developer, this book will illuminate the issues involved in building and maintaining the build system that’s best for your team. If you’re a manager, you’ll discover how to evaluate your team’s build system and improve its effectiveness. And if you’re a build “guru, ” you’ll learn how to optimize the performance and scalability of your build system, no matter how demanding your requirements are.

Risk-based security testing, the important subject of this book, is one of seven software security touchpoints introduced in my book, Software Security: Building Security In. This book takes the basic idea several steps forward. Written by masters of software exploit, this book describes in very basic terms how security testing differs from standard software testing as practiced by QA groups everywhere. It unifies in one place ideas from Michael Howard, David Litchfield, Greg Hoglund, and me into a concise introductory package. Improve your security testing by reading this book today.” –Gary McGraw, Ph.D., CTO, Cigital; Author, Software Security, Exploiting Software, Building Secure Software, and Software Fault Injection; www.cigital.com/~gem   “As 2006 closes out, we will see over 5, 000 software vulnerabilities announced to the public. Many of these vulnerabilities were, or will be, found in enterprise applications from companies who are staffed with large, professional, QA teams. How then can it be that these flaws consistently continue to escape even well-structured diligent testing? The answer, in part, is that testing still by and large only scratches the surface when validating the presence of security flaws. Books such as this hopefully will start to bring a more thorough level of understanding to the arena of security testing and make us all a little safer over time.” –Alfred Huger, Senior Director, Development, Symantec Corporation   “Software security testing may indeed be an art, but this book provides the paint-by-numbers to perform good, solid, and appropriately destructive security testing: proof that an ounce of creative destruction is worth a pound of patching later. If understanding how software can be broken is step one in every programmers’ twelve-step program to defensible, secure, robust software, then knowledgeable security testing comprises at least steps two through six.” –Mary Ann Davidson, Chief Security Officer, Oracle   “Over the past few years, several excellent books have come out teaching developers how to write more secure software by describing common security failure patterns. However, none of these books have targeted the tester whose job it is to find the security problems before they make it out of the R&D lab and into customer hands. Into this void comes The Art of Software Security Testing: Identifying Software Security Flaws. The authors, all of whom have extensive experience in security testing, explain how to use free tools to find the problems in software, giving plenty of examples of what a software flaw looks like when it shows up in the test tool. The reader learns why security flaws are different from other types of bugs (we want to know not only that ‘the program does what it’s supposed to, ’ but also that ‘the program doesn’t do that which it’s not supposed to’), and how to use the tools to find them. Examples are primarily based on C code, but some description of Java, C#, and scripting languages help for those environments. The authors cover both Windows and UNIX-based test tools, with plenty of screenshots to see what to expect. Anyone who’s doing QA testing on software should read this book, whether as a refresher for finding security problems, or as a starting point for QA people who have focused on testing functionality.” –Jeremy Epstein, WebMethods   State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive   The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do.   Drawing on decades of experience in application and penetration testing, this book’s authors can help you transform your approach from mere “verification” to proactive “attack.” The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in softwar

“This book gives thorough, scholarly coverage of an area of growing importance in computer security and is a ‘must have’ for every researcher, student, and practicing professional in software protection.”     —Mikhail Atallah, Distinguished Professor of Computer Science at Purdue University Theory, Techniques, and Tools for Fighting Software Piracy, Tampering, and Malicious Reverse EngineeringThe last decade has seen significant progress in the development of techniques for resisting software piracy and tampering. These techniques are indispensable for software developers seeking to protect vital intellectual property. Surreptitious Software is the first authoritative, comprehensive resource for researchers, developers, and students who want to understand these approaches, the level of security they afford, and the performance  penalty they incur.Christian Collberg and Jasvir Nagra bring together techniques drawn from related areas of computer science, including cryptography, steganography, watermarking, software metrics, reverse engineering, and compiler optimization. Using extensive sample code, they show readers how to implement protection schemes ranging from code obfuscation and software fingerprinting to tamperproofing and birthmarking, and discuss the theoretical and practical limitations of these techniques. Coverage includesMastering techniques that both attackers and defenders use to analyze programsUsing code obfuscation to make software harder to analyze and understandFingerprinting software to identify its author and to trace software pirates Tamperproofing software using guards that detect and respond to illegal modifications of code and dataStrengthening content protection through dynamic watermarking and dynamic obfuscation Detecting code theft via software similarity analysis and birthmarking algorithmsUsing hardware techniques to defend software and media against piracy and tampering Detecting software tampering in distributed systemUnderstanding the theoretical limits of code obfuscation

Winner of the 2011 Jolt Excellence Award! Getting software released to users is often a painful, risky, and time-consuming process. This groundbreaking new book sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. Through automation of the build, deployment, and testing process, and improved collaboration between developers, testers, and operations, delivery teams can get changes released in a matter of hours— sometimes even minutes–no matter what the size of a project or the complexity of its code base.   Jez Humble and David Farley begin by presenting the foundations of a rapid, reliable, low-risk delivery process. Next, they introduce the “deployment pipeline, ” an automated process for managing all changes, from check-in to release. Finally, they discuss the “ecosystem” needed to support continuous delivery, from infrastructure, data and configuration management to governance.   The authors introduce state-of-the-art techniques, including automated infrastructure management and data migration, and the use of virtualization. For each, they review key issues, identify best practices, and demonstrate how to mitigate risks. Coverage includes   • Automating all facets of building, integrating, testing, and deploying software • Implementing deployment pipelines at team and organizational levels • Improving collaboration between developers, testers, and operations • Developing features incrementally on large and distributed teams • Implementing an effective configuration management strategy • Automating acceptance testing, from analysis to implementation • Testing capacity and other non-functional requirements • Implementing continuous deployment and zero-downtime releases • Managing infrastructure, data, components and dependencies • Navigating risk management, compliance, and auditing   Whether you’re a developer, systems administrator, tester, or manager, this book will help your organization move from idea to release faster than ever—so you can deliver value to your business rapidly and reliably.  

“This book gives thorough, scholarly coverage of an area of growing importance in computer security and is a ‘must have’ for every researcher, student, and practicing professional in software protection.”     —Mikhail Atallah, Distinguished Professor of Computer Science at Purdue University Theory, Techniques, and Tools for Fighting Software Piracy, Tampering, and Malicious Reverse EngineeringThe last decade has seen significant progress in the development of techniques for resisting software piracy and tampering. These techniques are indispensable for software developers seeking to protect vital intellectual property. Surreptitious Software is the first authoritative, comprehensive resource for researchers, developers, and students who want to understand these approaches, the level of security they afford, and the performance  penalty they incur.Christian Collberg and Jasvir Nagra bring together techniques drawn from related areas of computer science, including cryptography, steganography, watermarking, software metrics, reverse engineering, and compiler optimization. Using extensive sample code, they show readers how to implement protection schemes ranging from code obfuscation and software fingerprinting to tamperproofing and birthmarking, and discuss the theoretical and practical limitations of these techniques. Coverage includesMastering techniques that both attackers and defenders use to analyze programsUsing code obfuscation to make software harder to analyze and understandFingerprinting software to identify its author and to trace software pirates Tamperproofing software using guards that detect and respond to illegal modifications of code and dataStrengthening content protection through dynamic watermarking and dynamic obfuscation Detecting code theft via software similarity analysis and birthmarking algorithmsUsing hardware techniques to defend software and media against piracy and tampering Detecting software tampering in distributed systemUnderstanding the theoretical limits of code obfuscation

Includes coverage of Pentium II - referred to in the chapters on Pentium Pro and MMX. No speed limits have been posted on the PC performance track, yet much software runs in the slow lane, functioning at 10 to 50 percent of its potential speed. The cause of these slowdowns? Bottlenecking on time-critical inner loops. Inner Loops: A Sourcebook for Fast 32-bit Software Development gives the green light to optimal PC performance with practical advice and a strategic sampling of important algorithms. Focused directly on the 32-bit future of PC computing, Inner Loops explores the new rules and opportunities of a wide-open memory space, parallel instruction execution, and clock speeds in the hundreds of megahertz.You'll be taken through: *a thorough review of 32-bit code optimization for the 486, Pentium, and Pentium Pro *making the transition from 16-bit to 32-bit assembly language *principles of C and assembly language optimization *tips for fast 32-bit software design *real-world examples of top-speed inner loops for several important PC algorithms *what MMX, the Intel multimedia extensions, mean for speed Author Rick Booth backs up his theory of speed with practical examples and source code, including such topics as: *Fast memory moves *Random numbers *Hashing *Huffman compression *Sorting *Matrix math *JPEG's inner loop Many chapters contain high-performance demos, which are also found on the CD. These include one of the fastest sort engines possible, a top-speed Huffman compression system, and JPEG's decompression inner loop tuned for top performance. Consultant and developer Rick Booth is a 17-year veteran of the video game and digital video industries. 0201479605B04062001

“A refreshingly new approach toward improving use-case modeling by fortifying it with aspect orientation.” —Ramnivas Laddad, author of AspectJ in Action “Since the 1980s, use cases have been a way to bring users into software design, but translating use cases into software has been an art, at best, because user goods often don’t respect code boundaries. Now that aspect-oriented programming (AOP) can express crosscutting concerns directly in code, the man who developed use cases has proposed step-by-step methods for recognizing crosscutting concerns in use cases and writing the code in separate modules. If these methods are at all fruitful in your design and development practice, they will make a big difference in software quality for developers and users alike.—Wes Isberg, AspectJ team member“This book not only provides ideas and examples of what aspect-oriented software development is but how it can be utilized in a real development project.”—MichaelWard, ThoughtWorks, Inc. “No system has ever been designed from scratch perfectly; every system is composed of features layered in top of features that accumulate over time. Conventional design techniques do not handle this well, and over time the integrity of most systems degrades as a result. For the first time, here is a set of techniques that facilitates composition of behavior that not only allows systems to be defined in terms of layered functionality but composition is at the very heart of the approach. This book is an important advance in modern methodology and is certain to influence the direction of software engineering in the next decade, just as Object-Oriented Software Engineering influenced the last.”—Kurt Bittner, IBM Corporation “Use cases are an excellent means to capture system requirements and drive a user-centric view of system development and testing. This book offers a comprehensive guide on explicit use-case-driven development from early requirements modeling to design and implementation. It provides a simple yet rich set of guidelines to realize use-case models using aspect-oriented design and programming. It is a valuable resource to researchers and practitioners alike.”—Dr. Awais Rashid, Lancaster University, U.K., and author of Aspect-Oriented Database Systems “AOSD is important technology that will help developers produce better systems. Unfortunately, it has not been obvious how to integrate AOSD across a project’s lifecycle. This book shatters that barrier, providing concrete examples on how to use AOSD from requirements analysis through testing.”—Charles B. Haley, research fellow, The Open University, U.K.Aspect-oriented programming (AOP) is a revolutionary new way to think about software engineering. AOP was introduced to address crosscutting concerns such as security, logging, persistence, debugging, tracing, distribution, performance monitoring, and exception handling in a more effective manner. Unlike conventional development techniques, which scatter the implementation of each concern into multiple classes, aspect-oriented programming localizes them.Aspect-oriented software development (AOSD) uses this approach to create a better modularity for functional and nonfunctional requirements, platform specifics, and more, allowing you to build more understandable systems that are easier to configure and extend to meet the evolving needs of stakeholders.In this highly anticipated new book, Ivar Jacobson and Pan-Wei Ng demonstrate how to apply use cases—a mature and systematic approach to focusing on stakeholder concerns—and aspect-orientation in building robust and extensible systems. Throughout the book, the authors employ a single, real-world example of a hotel management information system to make the described theories and practices concrete and understandable. The authors show how to identify, design, implement, test, and refactor use-case modules, as well as extend them. They also demonstrate how to desig

With the techniques in this book, you will have the tools you need to design afar more effective reuse program, prove its bottom-line profitability, and promote software reuse within your organization. Written by a leading software reuse practitioner, Measuring Software Reuse brings together all of the latest concepts, tools, and methods for software reuse metrics, presenting concrete quantitative techniques for accurately measuring the level of reuse in a software project and objectively evaluating its financial benefits. The book addresses all of the many factors involved in a software reuse program: determining what constitutes software reuse-looking at COTS software, operating systems services, tools, code libraries, and more; how to measure the level of reuse in a project; and how to analyze the costs incurred by a software reuse program. You will also find detailed explanations of the various economic models used to evaluate the financial benefits of a reuse program such as cost avoidance, value added, payoff threshold, return-on-investment, and cost-benefit analysis.To further your understanding, the book presents experience-tested techniques for implementing a metrics program by incorporating a recommended reuse metric "starter set. " It also includes an extensive discussion on the metrics for reuse libraries and examines the issue of measuring reuse throughout the software life cycle. 0201634139B04062001

 "When it comes to software security, the devil is in the details. This book tackles the details." --Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies   "McGraw's book shows you how to make the 'culture of security' part of your development lifecycle."--Howard A. Schmidt, Former White House Cyber Security Advisor   "McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall."--Avi Rubin, Director of the NSF ACCURATE Center; Professor, Johns Hopkins University; and coauthor of Firewalls and Internet Security   Beginning where the best-selling book Building Secure Software left off, Software Security teaches you how to put software security into practice.The software security best practices, or touchpoints, described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugsand architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing.   Software Security is about putting the touchpoints to work for you. Because you can apply these touchpoints to the software artifacts you already produce as you develop software, you can adopt this book's methods without radically changing the way you work. Inside you'll find detailed explanations of Risk management frameworks and processes Code review using static analysis tools Architectural risk analysis Penetration testing Security testing Abuse case development In addition to the touchpoints, Software Security covers knowledge management, training and awareness, and enterprise-level software security programs. Now that the world agrees that software security is central to computer security, it is time to put philosophy into practice. Create your own secure development lifecycle by enhancing your existing software development lifecycle with the touchpoints described in this book. Let this expert author show you how to build more secure software by building security in.

Software Engineering with Microsoft Visual Studio Team System is written for a software team that is considering running a software project using Visual Studio Team System (VSTS). It is about the "why" of VSTS: its guiding ideas, why they are presented in certain ways, and how they fit into the process of managing the software lifecycle. This book is the next best thing to having an onsite coach who can lead the team through a consistent set of processes. It is a framework for thinking about software projects in a way that can be directly tooled by VSTS. It presents essential theory and practical examples to describe a realistic process for IT projects. This is a book that any team using or considering VSTS should read.