Professional Books

Excellent high-lvel book for anyone involved with software development and implementation. This book digs deep with enough details of security in coding and testing practices and how to avoid security related bugs and vulnerabilities. The book also does well in terms of secure coding, white box and black box testing very well.

Few things where this book falls short "Ignorant" to emerging application landscape and the coding complexities in a multi-platform and application integration environment - J2EE, .NET, XML Web Services and SOA. I am sure, the author will agree on those gaps hopefully we see in the next edition of this book.

The book deserves 5 stars for the concepts + illustrations and 3 stars for those keen on development details for distributed applications.

A required reading for anyone involved with software development and implementation. This book drills-down to security in coding and testing practices and how to avoid security related bugs and vulnerabilities. The concepts illustrated on secure coding, white box and black box testing are excellent. As a developer/architect, I thoroughly enjoyed this book and I suggest to everyone who wants to get started on secure coding and testing practices.

Couple of things I QUIBBLE with are... the book does'nt realize the emerging issues and how-to's for build/refactor security for distributed application proliferation as your it - Portals, Web Services and SOA. The way we develop software is changing, the applications are becoming more pervasive and no-longer contained standalone to a system which makes the built-in security brittle impeding the agile business requirements for application/process orchestration, b2b federation and Web based application mashups. I am sure, the author will realize those gaps in the next edition of this book.

Havingsaid - This book is still a must-read for the budding security developer who wants to focus on secure programming and testing.

What is MISSING - You will not find answers for how you do secure web-centric applications, XML Web services - message-level security, identity federation and other b2b application complexities.

Software Security is the best book for learning to integrate security throughout your software development lifecycle. It contains all the security material that is missing from software engineering books. The author understands that your software development lifecycle is different from his, and so focuses on seven touchpoints that can be introduced into any software development lifecycle, instead of attempting to sell you a new lifecycle. He also understands that no matter how important security is to you, you can't change everything about you develop software tomorrow, so he introduces the touchpoints in order of effectiveness based on his extensive consulting experience, starting with tool-assisted code reviews and architectural risk analysis.

If you're a software developer, Software Security is an essential book to have on your shelf, and you'll also want a secure programming book like Secure Programming with Static Analysis (Addison-Wesley Software Security Series) or the author's own Building Secure Software: How to Avoid Security Problems the Right Way.

The root cause of many security vulnerabilities is poorly written software. Often, software applications are written without security in mind. The logical, yet elusive, solution is to ensure that software developers are trained in writing secure code.

Software Security: Building Security In is a valiant attempt to show software developers how to do just that. The book is the latest step in Gary McGraw's software security series, whose previous titles include Building Secure Software and Exploiting Software.

In past decades, writing secure code was left to the military and banking industry. Today, with everything on networks, all sectors must get into the act.

Much of the problem is that organizations target their security elsewhere--specifically on networks--rather than on software. But so many malicious attacks are directed at software that it is foolish to leave this vulnerability exposed.

McGraw goes into detail not only about writing secure code but also about key related areas, which he terms "the seven touchpoints of software security."

These points comprise code review, architectural risk analysis, penetration testing, risk-based security tests, abuse cases, security requirements, and security operations. A major portion of the book effectively discusses these "touchpoints," making the work a recommended tool for inculcating software developers with a security mind-set.

I read six books on software security recently, namely "Writing Secure Code, 2nd Ed" by Michael Howard and David LeBlanc; "19 Deadly Sins of Software Security" by Michael Howard, David LeBlanc, and John Viega; "Software Security" by Gary McGraw; "The Security Development Lifecycle" by Michael Howard and Steve Lipner; "High-Assurance Design" by Cliff Berg; and "Security Patterns" by Markus Schumacher, et al. Each book takes a different approach to the software security problem, although the first two focus on coding bugs and flaws; the second two examine development processes; and the last two discuss practices or patterns for improved design and implementation. My favorite of the six is Gary McGraw's, thanks to his clear thinking and logical analysis. The other five are still noteworthy books. All six will contribute to the production of more security software.

Gary McGraw's book gets my vote as the best of the six because it made the biggest impact on the way I look at the software security problem. First, Gary emphasizes the differences between bugs (coding errors) and flaws (deeper architectural problems). He shows that automated code inspection tools can be applied more or less successfully to the first problem set, but human investigation is required to address the second. Gary applauds the diversity of backgrounds found in today's security professionals, but wonders what will happen when this rag-tag bunch (myself included) is eventually replaced by "formally" trained college security graduates.

Second, Gary explains that although tools cannot replace a flaw-finding human, they can assist programmers trying to avoid writing bugs. Gary is the only author I encountered who acknowledged that it is unrealistic to expect a programmer to keep dozens or hundreds of sound coding practices and historical vulnerabilities in his head while writing software. An automated tool is a powerful way to apply secure coding lessons in a repeatable and measurable manner. Gary also reframed the way I look at software penetration testing, by showing in ch 6 that they are best used to discover environmental and configuration problems of software in production.

Third, Gary is not afraid to point out the problems with other interpretations of the software security problem. I almost fell out of my chair when I read his critique on pp 140-7 and p 213 of Microsoft's improper use of terms like "threat" in their so-called "threat model." Gary is absolutely right to say Microsoft is performing "risk analysis," not "threat analysis." (I laughed when I read him describe Microsoft's "Threat Modeling" as "[t]he unfortunately titled book" on p 310.) I examine this issue deeper in my reviews of Microsoft's books. Gary is also correct when he states on p 153 that "security is more like insurance than it is some kind of investment." I bookmarked the section (pp 292, 296-7) where Gary explained how the "19 Deadly Sins of Software Security" mix "specific types of errors and vulnerability classes and talk about them all at the same level of abstraction." He's also right that the OWASP Top Ten suffers the same problem. Finally, Gary understands the relationships between operators and developers and the importance of security vocabulary.

I was pleasantly surprised by "Software Security". I reviewed an early draft for Addison-Wesley and wondered where the author was taking this book. It ended up being my favorite software security book, easily complementing Gary's earlier book "Building Secure Software." In my opinion, Gary is thinking properly about all the fundamental issues that matter. This book should be distributed to all Microsoft developers to help them frame the software security problem properly.

A very good book that covers most of the power converter architectures. An excellent addition to your personal library.

The book is so clearly written you can open it practically anywhere and read just the items of interest.

Concepts are supported by properly simplified schematics.

All the math needed for your own designs is shown and explained, but in such a way, that if you do not need the math right now, you can skip it.

Half the reason I bought this book was to learn to build switching power supplies, the other half was to learn analog design in general. The book is excellent for both purposes.

I recently graduated from Virginia Tech (undergrad), and I had only two classes that focused on power supply design/analysis. As an extension to what I learned in those classes (basics about buck/boost/flyback design and fabrication), this book is fantastic.

The book assumes you have a basic knowledge of EE principles, but nearly everything is explained in great detail. Topologies are examined one by one, and the author includes ALL of the derivations that lead to his design equations, which leaves very little room for misunderstanding. Each section contains pros/cons to using that particular topology, how to remedy common problems, and even talks a little about component selection (although since this book is years old, there are probably better components out there).

I haven't spent much time looking at the magnetics design section; however, it seems as though it would be useful. The chapter on loop compensation is excellent as well, offering a complete refresher of control theory and the design/analysis/use of Type 2 and 3 controllers. As I said before, the author assumes you're starting with very minimal knowledge of power supplies, so every equation and assumption is clearly justified in writing.

All in all, I would definitely recommend this text to anyone who is interested in power supply design or has to gain a quick understanding of something in the workplace since it not only includes the "quick and easy" design equations but also how to get there if you really care to know.

If you're an avid electronics enthusiast, you've more than likely had to build some power supplies. The days of building simple linear supplies are over. If you need various voltages that are carefully controlled and/or just want to build efficient supplies, you need to build a switchmode power supply. This handbook will take you through the major topologies, explaining them all in detail, along with the necessary math to choose the proper components, and the theory of how it's done - and how to choose the proper topology in the first place. The book is well-written and stuffed full of very useful information. Power Factor Correction is also covered, with examples, chips, and theory to build PFC circuits, along with transformer design and theory as well. This book is a great book to buy with "Switchmode Power Supply Handbook", by Keith Billings. Keith's book presents additional information and transformer design mock-ups, along with additional ways to calculate and pick components. Used together, you have the information you need to build a working switching supply with a minimum of hassle. Of course, this assumes that you're already famaliar with electronics and magnetism, and have a good working knowledge of algebra and basic trig. These books are not meant for beginners by any means. I am one happy customer to have found such a good reference for an art that seems to only be known by a few anymore, and other reference materials do not even begin to go into the depth that this book does.
The only shortcoming is that Pulse Width Modulation power supply chips are not covered much, but this book cannot be expected to keep up with the latest PWM chips used in switchmode supplies. This problem is easily resolved by going to National Semiconductor's website and getting current datasheets on PWM chips for standalone, voltage-controlled or current-mode designs, of which they have many. Motorola also has reference materials available on PWM offerings that they carry.

Although a good primer on the basic switching topologies, with an excellent chapter on inductor and transformer design, I couldn't help but feel that this book is more than a little outdated (which it is, at nine years old). There was no mention of synchronous or polyphase switchers, inductorless converters, charge pumps, high-frequency designs...and the section on MOSFETs left out what I feel was a great deal of information about paralleling and load sharing. Many of Linear Technology's app notes go above and beyond the material presented in this book...and they're free.

Vacca's new book provides a comprehensive overview of the emerging wireless data technology. The book is geared toward experienced Internet professionals who need to learn how to install wireless networks quickly. It provides numerous hands-on examples, such as an access network protocol, and useful discussions about issues such as the implementation of homeland security (currently most available protocols and products have huge holes). A large portion of the book is devoted to the design of wireless networks, dealing with issues such as standards, robustness, ease of installation and use, and, of course, security. Detailed schematics demonstrate typical filter and uplink applications. The final chapter offers a series of recommendations to support Vacca's assertion that wireless technology is the key to the future of communications and concludes that future networks will require a new methodology that integrates all layers of network design. The book is organized to move from an overview of this emerging technology through the planning and design, installation and deployment, and configuration phases. It also supplies advanced solutions to wireless design problems and new directions of the technology. Altogether a must for those people who are charged with implementing this type of network in their organizations.

This is the practical stuff you can't ever learn by going to grad school.
Wonderfully comprehensive and chalk full of highly useful information for today's high tech world. Wireless Data hits every conceivable corner of wireless technology with a well balanced mix of overview, technical depth, and hands on applications. The diagrams and illustrations are very well done. Highly recommended for the spectrum of tech managers, network engineers, and technicians. This book will be a mainstay for my reference library.

Vacca provides a unique value in his books in allowing the reader to drill down to the technical level required. This one is certainly no exception. His top-level scenarios are enlightening and encourage you to leap onto the technological bandwagon, but I particularly appreciate his caveats - particularly where he indicates what standardisation or legislation is required within the industry, as well as his very specific cautions against over-design within your application. Subsequently, he proceeds into the technical rationale for such limitations, and where it can be bypassed or overcome.

As I have spent the majority of my applications career interfacing between management/marketing ideals (necessary for progress) and technical viability within the available staff (typically pessimistic after the first few confrontations with external technical reality), I sincerely appreciate Vacca's substantiated presentations of current viability, emergent solutions, and futures.

JohnVacca has again written a book about a subject that has great application in the near future. As notebook computers are fast replacing desktop computers and as flat screen monitors are replacing CRT monitors, wireless data is replacing data transmission via cables of different types. Several companies have already replaced their local networks with wireless networks at work place where their employees can move about the work place and be connected to not only the company's Intranet but also the Internet. This book provides a good explanation in the understanding of wireless data transmission and the challenges for companies that provide wireless transmission to improve this technology as more companies and organizations will soon depend on this application to conduct business.

I have added also this new book by John vacca to my Company library. Practically all of John books end up being used to train all of our employees . You did it again John!
Keep at it , you are the best

Tullio Bortoletto

I looked high and low, and this has to be the best option for developing an LDAP or ADSI component in C++. Find this out of print book and buy it instead of buying another book that is still in print.

Really awesome AD programming book. Covers all the basics of AD and ADSI and then dives into the LDAP API which all other authors try to avoid and dont cover well. You do not need any other AD programming books if you have this one.

Very good book, extensively covers LDAP programming
unlike others.

I've struggled with using LDAP and this explains it all with code samples, which for the likes of makes it easy to learn and best of all Copy and Paste

Really awesome AD programming book. Covers all the basics of AD and ADSI and then dives into the LDAP API which all other authors try to avoid and dont cover well. You do not need any other AD programming books if you have this one.

I am a systems administrator professionally, but I have a need to know the inner workings of UNIX that only seems to be covered in programming books. Specifically relating to certain system calls and interprocess communication methods.

This author has forgotten more about UNIX than I will ever grasp. While this book is dedicated to programming applications in UNIX and understanding the operating system's function calls, I am finding it to be a very handy reference for advanced system administration as well. The book is worth the price just for the chapters on process communication, in my opinion.

I really like the author's writing style. He gets down to business and covers the material without adding a lot of needless fluff or by making the chapters overly wordy.

The book is designed to server as a reference and is well-indexed, which is refreshing to find these days. It's very easy to find a topic you need as not everyone will need the amount of depth covered by each chapter in full.

I wish there were more UNIX books out there like this one.

The book is good for beginners. All you need to know to get started with Unix/Linux programming.

I bought this book in order to get an overview on what primitives I have available on a unix system for doing system programming. I found the book to be very useful for that purpose.

I use it occasionally.

I also found my peers lending it from me again and again.

To summarize: useful.

What's more to say, the title say's it all... Buy it!

This is an exceptional introduction to Unix features that most people won't see in every-day programming. The feature that Rochkind starts with may be the most problematic: portability. There have historically been dozens of Unices (sp?), all slightly different from each other. Even today, there are a number of different implementations in use, with small but maddening incompatibilities between them. Rochkind not only addresses the more common ones, he shows the standards-based ways of dealing with their differences.

After that, Rochkind goes over read/write/open/close/ioctl again, dealing with [a]synchronous subtleties that can mean a 100x difference in performance, backed by code samples and timing measurements. The rest of the book deals with multi-process applications, including communication and distributed processing issues. That includes process groups, interprocess communication (with all its system-dependent weirdness), sockets, and signals.

This isn't for the beginner or for the kernel developer, but never meant to be for either. It is a good, readable introduction to protentially tricky parts of the Unix API. I recommend it strongly to anyone building their own library of Unix references.

//wiredweird

This book was an oasis in the desert of COM/CORBA obfuscation and confusion. This is the most fair, useful and easy to comprehend overview of these two models that I've come across. The author has the ability to convey the material in a way that makes it almost painless to comprehend...buy the book NOW.

Though not explicitly meant to be this book might also serve as an introduction to both CORBA and COM: quite an achievement. The authors waste no words and keep a neutral standing between the poles. I hope the next edition will contain some information about Microsoft.Net too.

A concise and comprehensive analysis of two technologies that are not necessarily mutually exclusive. Mr. Pritchard did an excellent work of dissecting each one and at the same time, achieved a perfect balance between theory and code examples that is so rare on this field. If you need to decide between COM and CORBA on your next eBusiness or back-office integration project, this book will set you on the right path.

If you're in the process of architecting a new system or planning to rearchitect an existing system, this book will prove invaluable in helping you evaluate the strengths and weaknesses of each approach. Even if you're just interested in both technologies and want to dig deeper into each, this book is a sure bet!

This book is quite thin, and yet it includes so much. The open mind towards competing technologies is important, we should all look at facts in an objective way. The book gives an excellent view on COM, CORBA and the differences between them. It also shows programming examples (not in depth) and explains things like "push" technologies very good. I would expect the first book in this subject (side-by-side approach) written by a technician, to be too detailed, with a poor language and not very educational. I was very wrong. An amazing book!

This is a must read book for anyone who is serious about how to bring their spirituality to the workplace.

Business is an essential part of our lives. Doing business consciously, Fred Kofman, a co-founder of the consulting firm Axialent, is an essential part of living consciously. The author presents a business model where managers are more conscious of the inner and outer lives of employees.

Anyone who works intuitively understands there are two types of managers. As a professor of accounting, Kofman begin his classes by having students listen to one of Beethoven's pieces over and over. Gradually the students would realize that the music was not in the CD; but in the listening. In music as in business, Information's only value is in how it is interpreted.

Most recognize the need for smart employees with the latest in technical competency. Kofman argues it is more important, and less recognized, that organizations recruit and retain employees with high-level consciousness.

He draws a contrast between unconscious attitudes and their conscious counterparts. They are:

Unconscious Attitudes.....................Conscious Attitudes
Unconditional Blame.......................Unconditional Responsibility
Essential Selfishness........................Essential Integrity
Ontological Arrogance.....................Ontological Humility
Unconscious Behaviors....................Conscious Behaviors
Manipulative Communication..........Authentic Communication
Narcissistic Negotiation....................Constructive Negotiation
Negligent Coordination.....................Impeccable Coordination
Unconscious Reactions.....................Conscious Reactions
Emotional Incompetence...................Emotional Mastery.

These qualities are simple to understand; yet, they are difficult to implement. They represent common sense; yet, they are not found widely in common practice. They seem natural, yet they challenge deep-seated assumptions individuals hold about themselves, others and their world.

Kofman opens the reader's conscious to a unique resource for maximizing profit and potential in the workplace and beyond. Written concisely and coherently he communicates an uncommon wisdom about the truth of our emotions and healthy interpersonal practices in business and life.

The hard part about starting or running a business is not the long hours, the tight deadlines, or the stresses of being overworked in the face of an insecure future. The real challenges that make or break us surround dealing with our own integrity, our priorities, and conflicts with others.

This book covers those challenges and offers many tools and examples of how we can manage them and come out ahead having built a stronger foundation and a stronger company.

I personally can't stand the idealistic tones of the book but I will admit, unlike most of these books that I have read, this one is much more grounded inthe harsh challenges of reality such as the fact that, while in business and in dealing with others failure is not an option but success is not always achieved.

If you read this book you will find yourself referencing it as you deal with life on any level because the authors clear mind and direct language gives you the language to describe and communicate the situation and how best to manage it.

Fred Kofman does a good job explaining his concepts, however his accent can be a little disconcerting at first. If you are a Landmark Education graduate, the material on these CD's is very nearly a rip-off of the same concepts (i.e., having Integrity, Honoring your Word, etc...). For non-Landmark graduates, these CD's cover many soft-skills concepts that can be effective in your personal life, but he applies them (a little obscurely) to a work environment. If you are trying to get your own business off the ground, "Conscious Business" does not offer strategies for doing so, but rather best practices to remain successful. In other words, you won't find tips regarding how to file your returns, collect data effectively, or document discipline. You will instead find tips about the importance of keeping your word, how to stop stressing about work, and things of that nature. The program was not bad--in retrospect, I would have found it no more than $15 worth of value. Take that for what you will.

Written by Fred Kofman (co-founder and president of Axialent consulting company), Conscious Business: How to Build Value Through Values is a straightforward guide to applying conscious awareness to its fullest extent, recognizing the needs of others, and effectively expressing one's own needs order to build responsibility, integrity, leadership, and reputation - all of which are invaluable tools to a business' continued success. Drawing from real-world examples by such famous companies as Microsoft, Yahoo!, and much more, Conscious Business reveals how being mindful of fundamental human virtues and even "spiritual" questions such as "Who am I?" and "What is my real purpose here?" are positive, empowering assets. A clarion call for balancing fiscal obligations with ethical and moral responsibilities for increased success in all dimensions of business life.

Executive coaching for results provides an interesting insight into the world of executive coaching across the US. The authors and their contributors have condensed into this volume much of the coaching research on what makes for effective coaching, coach matching and coaching impact. These research elements are mixed with excellent short real life case studies which illustrate the points made from the rsearch.

Overall this is an excellent read.

Using contemporary data and years of coaching experience, the authors offer a robust tool for guiding the coaching process. Experienced and beginning coaches will find gems that will enhance their coaching effectiveness. This book is a focused, no-nonsense guide to effective leadership coaching and development.

Executive Coaching for Results provides an invaluable service to the field of talent and management development:direct information from dozens of top flight corporate leaders and practitioners of executive coaching.
Quite simply there is nothing else like this book in the marketplace and anyone who wants to gain a comprehensive knowledge of the state of the art of this ever dynamic field and area of practice needs to purchase a copy today.

This book is a helpful and practical guide with stories, research and ideas. The authors describe how organizations successfully implement coaching. A must read for any leadership development professionals!

This book belongs in every internal and external coach's library! Leadership Development, Talent Management and Human Resource practitioners, who play a direct or indirect role in leadership development, would also find it greatly beneficial.

This very comprehensive and easy-to-read resource covers all aspects of executive coaching. The research, authors' experience and organizations' first-hand learnings and best practices are insightful and invaluable.

I have listened to this book several times. Zig Ziglar is just wonderful teacher. This is a short book for all intents and purpose but it will give you a solid starting point for why we need goals and how to get going with them.

Mr. Ziglar is simply amazing. He is consistently motivating, inspirational, and right on in all that he says and writes. Truly a national treasure. Every bit of his offerings help me to do, as he says, "what I ought to do when I ought to do it", so that I will be able to do "what I want to do when I want to do it."

I have purchased other Zig tapes and really enjoy them. I thought this was going to be something new. It's not. It is the same stories all over again. I also do not recommend the CD if you are going to be using it as a car audio. CDs can't just stop, be ejected so you can listen to something else, and put back in like a tape can.

Everyone in the world needs to read or listen to what Zig has to say on Goals. Everyone in the world needs to set goals, oh what a better world this would be.

A must read/listen.

This is truly an excellent audio which has been worth many times its price to me. I have listened to it literally hundreds if not thousands of times over the last twenty years and it has helped me in my life to be successful in a variety of positions, through career transitions, etc.

In this tape, Zig Ziglar uses stories, reasearch nuggets and powerful metaphors to drive home his points in an extremely powerful way. He is very present when he speaks and the tape is not only informative, it is funny and entertaining.

This is a perfect tape to listen to over and over again while you are commuting. This is how I used it for many years. As a personal growth coach who does a large amount of public speaking, workshops and one-on-one coaching -- I feel I am in a good position to judge the merit of what is out there.

Zig is a Christian and this might not go over well with some audiences. However, he doesn't push this agenda, but he does at different points use some illustrations that come from the bible. For example, in one section he quotes the bible about money saying, "he who seeks silver, will never be satisfied with silver" and goes on to explain how you can never have enough money, UNLESS the money has you. I think that's a very wise statement and it's not money itself that is bad, but how you use it. The point he seems to be making is that are you a good steward of your money, which I think it a relevant point that requires guts to make in the current business environment. In fact, I would suggest it's an essential point.

Cognitively, I probably knew most of what was in this audio. However, I know it differently now at a deeper level because of using it. This tape is done in such a way that the ideas sink in deeply and become a part of you. I can't recommend it highly enough.

Also, in addition to working in psychology, I was also a marketing person for Xerox when they were Fortune 25. I went through their International Center for Management Development and won their Team Xerox Spirt Award. The point of me sharing this is that I know what it takes to train sales and marketing people and I recognize a good and practical resource when I come across it. I don't think you can go wrong with this audio, especially at the price they are offering it at.

Esty and Winston seem to be a perfect duo to write this book. Together they have a very strong and complementing background, ranging from experiences in academics and government to green and strategy consulting. The result is a book that has the right balance of theory and practice. While many books on green business only focus on the bright side, Esty & Winston are more realistic. They admit that not every business policy leads to win-win situations and describe the main fallacies, therewith making their book more "complete". The book is very easy to grasp through clear structures, concise business maps and numerous examples of S&P 100 firms. Furthermore, the latter ensures that you'll remind the book's message every time you'll order a cup of coffee at Starbucks or a meal at McDonald's.

The first 70% of the book is most interesting. After that, Esty and Winston start repeating concepts as well as business cases. Although the discussed cases are strong and helpful, Esty and Winston refer to the same companies over and over again, while forgetting about many other so called "WaveRiders". I'm wondering what the book would have been like if they had picked another set of front running firms to shed light on. They could probably fill a complete second book with it, so who knows..

I have revisited this book a number of times since I read it last year. It is a good resouce in understanding the benefits and dangers of going green.

Excellent breakdown of the drivers for companies to go green. Also excellent analyses of strategies used by the corporate world to achieve their goals with green programs. Many examples of what worked and what didn't work.
Great reading!

Good book with alot of insights... but I think you really have to be interested with these matters to be able to finish the book.

This is a great book! The information presented is very useful. I have also heard both authors speak at conferences. They have a great message and convey it clearly.