5 comments about Automated Software Testing: Introduction, Management, and Performance.

1. As an engineer involved with software QA for a number of years, I found the book to be so generalized as to be essentially worthless. The authors devote page after page to explain methods and procedures with diagrams that depict the intuitively obvious. Their ATLM (Automated Test Life-Cycle Methodology) is as complicated as diagramming the Earth's water cycle. I don't need to spend Forty odd dollars and peruse 600 pages to learn that I might be able to use some nonspecific automated testing tool somewhere along the software development process.



2. I recently joined a firm that simply wanted to purchase an automated test tool within two weeks; "it made little difference which tool". Using this book, they became convinced we should install at least three tools, on evaluation. Good thing we did: we found that only one could deal with "customized" Java applets used in their applications.

   Little did our test team know beforehand that new automated tools require evaluation: what technologies are your applications using? what levels of test planning and scripting skills will be required for each tool? what other tools may be necessary sooner or later? and, does your test tool vendor of choice market such complementary tools? And much, much more.

   "Automated Software Testing" guides readers through each step in the planning, selection, and implementation process to assure that automated software testing will be developed in a systematic manner.

   See the table of contents. You will find that for less than the cost of a testers time for two hours, your business will be investing in knowledge that will save perhaps hundreds of thousands of dollars over the life of your applications.




3. This is one of THE books if you plan on implementing automated testing in your software shop. Covers everything from Lifecycle to tool evaluations to best practices. This one that is definitely on my "bookshelf on the go" that follows me to all projects. I especially appreciated the Appendix with real world stuff and references to tool manufacturers. Great work!



4. Unfortunately this book (like nearly all other books on software testing) does not teach you how to test software. Instead it only gives you information needed to manage software testing. And, like many other books of management, it is highly repetitive and redundant. For somebody needing compressed information this is the wrong book. I think it would be no big deal to reduce the number of pages to 50% and still deliver the same message. The exmamples given in the text read like from a psychology book, not like from a technical book. Despite my critique I have to admit that the annexes in the book can be highly valuable. Personally I liked best the review of the big number of test tools.



5. This book as far as I am concerned is best automation software testing book written ever.

5 comments about The Rational Unified Process: An Introduction (3rd Edition) (Addison-Wesley Object Technology Series).

1. Target Audience
   IT professionals who need to learn about the Rational Unified Process (RUP)

   Contents
   This book is a relatively high-level overview of the entire RUP process.

   The book is divided into the following chapters: Software Development Best Practices; The Rational Unified Process; Static Structure: Process Description; Dynamic Structure: Iterative Development; An Architecture-Centric Process; A Use-Case-Driven Process; The Project Management Discipline; The Business Modeling Discipline; The Requirements Discipline; The Analysis and Design Discipline; The Implementation Discipline; The Test Discipline; The Configuration and Change Management Discipline; The Environment Discipline; The Deployment Discipline; Typical Iteration Plans; Implementing the Rational Unified Process; Summary of Roles; Summary of Artifacts; Acronyms; Glossary; Bibliography; Index

   Review
   The Rational Unified Process, or RUP, is a software engineering methodology that attempts to map out and document all parts of a software development project. It's extremely comprehensive, but it's also adaptable to whatever level of effort is appropriate for your situation. This book, The Rational Unified Process - An Introduction, is a good start to begin your understanding of RUP.

   First off, let me say this is not an easy read. It's a good book with all the information you need to know to start using RUP, but the information is dense and highly detail oriented. Like most developers, I'm more oriented towards coding and testing. But realistically, you need to know what the system should do before you get to the coding piece. RUP helps to put all that into a formal framework so that the necessary things will get done in the proper order.

   While the entire RUP framework might feel overwhelming, the author makes sure to let you know that you can adapt the RUP to meet your situation. If you are adding a function to an existing system, you will be more focused on use cases, development, and deployment processes. The author does a good job in segmenting the information so that you can more easily focus on your needs.

   You should also not consider this the end-all volume on RUP that you will ever need. Kruchten doesn't try to detail specific techniques like use cases or UML. You will learn where they fit in to RUP, but you will need additional information on how to implement use cases or UML diagrams. Consider this the volume that allows you to place everything in a mental framework so that you can figure out what you will need to know going forward.

   Conclusion
   If you are considering or in the process of implementing RUP, this is a book you should be studying. It's not an easy read, but it will give you the overview you need to understand the process and concepts.




2. This book introduces the logic behind Rational Unified Process (RUP). RUP is a novel idea. It puts several good practices in a consolidated package. What makes RUP useful is the fact that Rational provides all the necessary software tools to support this. This book does an average job in explaining the RUP. It over stresses obvious and well accepted concepts like "iterative development"; which makes the first half (6 chapters) of this book a bit boring. For a professional with software development and management experience, I found the first sixe chapters are best read at a cursory glance. The second half of the book introduces the workflows - and it is this half that I found more interesting. I finished this book as bed time readoing over the weekend - so this book is an easy reading. However this book is not about teaching how to use Rational Products. This book only gives an overview of the basis of origination of RUP. You would need another book to become an expert in using RUP.



3. It's an introduction, all right. The trouble is, it's such a high level introduction that there's almost no useful information whatsoever. The entire time I was reading, I was waiting for the author to get to the meat, only to discover at the end that there was none. It was like ordering a double cheeseburger, and getting two buns with ketchup and a pickle, and no beef patties.
   
   I can only assume that Rational paid the author for his time in the hopes that people, after reading this book, would purchase their entire software suite just to find out what the RUP actually involves.
   
   Despite my severe disappointment (and relief that I didn't have to pay for it myself), I can't rate it any lower than two stars. It's well written, and it could quite possibly be useful to managers and other business types who have no idea how software development works. The second star is for Rational's sheer chutzpah in getting a respected publisher to put out a $30 marketing pamphlet for them.



4. "The Rational Unified Process, An Introduction" offers readers a concise and strong introduction to the topic of the Rational Unified Process (RUP). Stressing the role of RUP in unifying the entire software development process, this book underscores the importance of efficient and effective software development.
   
   The book is structured in a logical and easy-to-follow manner and makes good use of descriptive graphics. For those with an interest in optimizing their software development processes, this is a good addition to your library.



5. After starting a few books in this series, this is the one I ended up finishing because of its readability. As an introduction to RUP, this book did its job. My only reservation is that it might be a bit too formal for those unfamiliar with the RUP jargon.

5 comments about Programming Microsoft ADO.NET 2.0 Applications: Advanced Topics.

1. Great book for ado.net. I wish this book has covered "how to use new features of ado.net with business layer. There should be some more chapter(s) for data acesss layer utilizing ado.net.



2. This book does delve deep into the plumbing of ADO.Net 2.0, but I must admit that when I read the "Advanced Topics" part of the title, I thought that it would actually cover more complicated versions of some scenarios that might be found in "beginners" ADO.Net books such as handling many-to-many data relationships with bound controls and possibly designing and building a data access layer. While data access layers were covered to some degree, the described methods involved intensive interaction with SQL Server system tables - something I don't tend to make a practice of.
   
   The information in the book is good, just not what I was hoping to find.



3. Glenn Johnson has a very good book here on ADO.NET 2.0. Unfortunately, it just good not great. Here are my pros and cons:
   
   Pros:
   
   1. Well written and thought out.
   2. Excellent coverage of ADO.NET Trace Logging.
   3. Coverage of LOBs/BLOBs/CLOBs is very well thought out.
   4. Discussion of Connection Pooling is very good.
   5. Coverage of writting your own classes that work with System.Transactions is invalulable.
   
   Cons:
   
   1. Too many basic topics covered for an "Advanced Topics" book.
   2. ASP.NET GridView/WinForms GridView chapters are unnecessary and incomplete.
   3. Code examples are terse and somewhat unreadable (no blank lines).
   4. Some information inaccurate (e.g. Suggestion of using Database Mirroring in SQL Server 2005 which was dropped as a supported feature.)
   5. SQL Server Specific...lackluster Oracle, ODBC, OleDb coverage.
   6. Data Caching only discusses caching with SqlDependencyCache. There are a myriad of caching options, and this is only one of them.
   
   While not really a problem with the book, I disagree with the author in a number of assertions:
   
   - He pushes the idea of GUIDs as keys, but never discusses the index fragmentation issue with GUIDs as keys.
   - His discussion of SQLCLR doesn't warn the users enough (I know "enough" is a subjective phrase) that they shouldn't write all their code in SQLCLR.
   - Mentions that "The 8,000-byte limit is much higher than you should ever need." when discussing SQLCLR User Defined Types. -- I disagree since a single object might not reach that, but a shallow object graph will reach 8K very easily.
   - No comparison between SQLCLR UDT's and XML Typed XML.
   - Using XML in SQL Server is touted instead of disuaded. More often than not, storing your XML in SQL Server just to have it there (or without dissecting it into relational data) will just hurt performance and raise the complexity of a system.
   
   I gave the book a four out of five starts on Amazon.com because I think it will be a valuable resource for most developers. But it is not a perfect book.



4. Here it is. It's an ok book. But I have to agree with one of the previous post about the GUId Keys. I also found that the grid topics were not need it as well as the overview (the first two chapters.) If is advanced, I'm assuming the reader knows that or has another book.
   I think that saving 4 to 6 chapters that were not need it, they could have extended the book to be far more advanced and concentrate in transactions, SQLCLR and so on.



5. This is a very good book, well written, the author has a clean style that I enjoyed very much. All topics are extensively covered with small but very useful examples. No pages of code: Just what is needed.
   I give 4 stars only because it lacks explaining some in depth argument such as subclassing datasets or typed datatables. I expect a new edition with add-ins that will cover those new topics.

5 comments about Java NIO.

1. The book is useful to get started on nio, but you may overgrow it after a week:
   it does not delve deeply into the matter. Particularly missing are:
   - Mapped byte buffer uses
   - Interactions between java & else using mapped files
   - OS/platform idiosyncrasies (limits etc)
   - Performance analysis

   Finally, be aware that half of the book is devoted to regular expressions. The conflagration of nio and regexps is rather strange. I would rather have a shorter book with just a little more depth.




2. NIO is a great IO class, I think it's the best package presented by Sun since Swing, it provides you with more than what you need from NIO class in just 250 pages.



3. I am not sure what else is out there? The book ok, but not really remarkable in any way.



4. This is a pretty good overview, particularly for those who have no previous experience with non-blocking IO. The author explains the concept of buffers very well, with useful diagrams illustrating the differences between position, limit, etc.
   
   The material on selectors and readiness selection is also strong.
   
   The problem is, there are idiosyncracies to NIO that make it difficult to use effectively for large-scale, high-performance applications without some in-depth knowledge.
   
   If you're really looking to architect a substantial NIO server or client, read this book for the overview, but also be sure to take a look at the open source Netty framework by Trustin Lee, or Ember IO by Mike Spille to see good NIO implementations that you can use as a building block.



5. No, that's not a mistake the F in the RonF, I really meant it.. in italian "ronf ronf" stands for the sleeping snore, and that's what you will be doing if you try to read this book. I had to struggle with myself real hard to force my way through this book, and trust me, I am used to reading books that are not exactly pure entertainment. The material presented is actually quite accurate and useful, only the presentation style is abysmally boring, arid and schematic. Even the table of contents reflects that, it goes: Buffer - Channel - Selectors - Regexp - Charsets. Every subject is explained pretty much in isolation of each other. How can you possibly put together anything even remotely engaging and conving with a style like that? It's like trying to teach you the english language using a dictionary, first learn all the words that start with A, then let's go to the B...
   The irony is that in the intro to chap 1, the author even makes jokes about IO not being so dull as usually believed. Well I agree with him , but he certainly managed to make an outstanding contribution to the dullness of IO. Should he be congratulated?

3 comments about Managing Projects with Microsoft Visual Studio Team System (Pro-Developer).

1. In Managing Projects with Microsoft Visual Studio Team System, Joel really gets to the heart of addressing the reasons and benefits of having a common set of application lifecycle management tools (Visual Studio Team 2005 System) for all participants in the software development process to effectively track and report on individual and team progress.
   
   It's not just the tracking and reporting, but its the metrics provided that allow answers to questions such as:" What percent complete are we at for this development project?; What's the overall software quality measurement?; How much more time is required before we are done?"
   
   Not only does Joel discuss the problem of inter and extra-team communications for reporting on software development projects, he provides practical advice, examples and guidelines on how to implement and use Visual Studio 2005 Team System to orchestrate the communications and reporting processes for all roles (project manager, architect, developer, tester, sponsor, etc.) in the software development process.
   
   A must read for anyone that manages Visual Studio.NET software development projects and wants to increase the effectiveness of their development efforts!



2. This book helped me with ideas that put in practice, provided new ideas of as it manages projects with VSTS. For me it was useful.



3. This book provides a good overview of VSTS. It goes into enough detail that the reader understands the broad range capabilities without being overwhelmed. If you just want a reference on VSTS, then I recommend this book.
   
   However, the book is just plain lousy when it comes to the process of managing an actual project. Firstly, PMBOK stands for "Body of Knowledge" not "Book of Knowledge". Secondly, the importance of gathering, analyzing, validating, and verify requirements is woefully under-represented. Quality is mentioned, but in such a cursory way as to be practically useless. Ditto on CMM - not enough detail is given on key processes and work products. The process here seems focused on building software without first determining what to build or checking the correctness of what was actually build.
   
   The approach here might work on small greenfield projects, but would be a train-wreck on any large project with involving any degree of human safety, legacy systems, accountability, etc. In other words, the project management approach in this book is probably not suitable for 90% of projects in an enterprise IT environment.

5 comments about Perl Cookbook.

1. Very useful, well worth it. Getting a book like this and having it save you the time of working out how the (yes, come on, admit it, a lot of perl syntax etc. is quite arcane) actual program should be set out, formatted or whatever, is fantastic. Several times this book has done that for me, so one of the best computer book purchases I have ever made.



2. yummy perl recipes; easy to prepare! very helpful for working with date and time data.



3. Most O'Reilly Perl titles imply you'll learn something useful. Only Learning Perl and the Perl Cookbook fully come through in that regard.
   
   The Perl Cookbook features some very practical solutions to some very practical problems (in Perl).
   
   I find myself coming back to this one again and again - more so than Learning Perl, Programming Perl, Programming the Perl DBI, or Perl Best Practices. This is The One. The book to use to learn the Right Way to perform quite a large number of useful functions or tasks in Perl.



4. Your first book on PERL should be "Learning PERL", now in its second edition. It takes you through the basics of PERL in a crystal clear fashion with lots of explanations, exercises, and examples. This should be your second book after you've learned to speak basic PERL. When you want to know the most efficient way to approach specific problems, no other book beats it. A concurrent purchase should be Programming PERL. That book is the definitive book on the language, but you could no more learn to program in PERL from that book than you could learn to speak English by using a dictionary as your textbook.
   
   Spread over five chapters, the first portion of this book addresses Perl's basic data types. Chapter 1 covers matters like accessing substrings, expanding function calls in strings, and parsing comma-separated data. It also covers Unicode strings. Chapter 2 tackles oddities of floating-point representation, placing commas in numbers, and pseudo-random numbers. Chapter 3 demonstrates conversions between numeric and string date formats and using timers. Chapter 4 covers everything relating to list and array manipulation, including finding unique elements in a list, efficiently sorting lists, and randomizing them. Chapter 5 concludes the section on basics with a demonstration of the most useful data type, the associative array. The chapter shows how to access a hash in insertion order, how to sort a hash by value, how to have multiple values per key, and how to have an immutable hash.
   
   Chapter 6, includes recipes for converting a shell wildcard into a pattern, matching letters or words, matching multiple lines, avoiding greediness, matching nested or recursive patterns, and matching strings that are close to but not exactly what you're looking for. Although this chapter is one of the longest in the book, it could easily have been longer still since every chapter contains uses of regular expressions. It's part of what makes Perl the language that it is.
   
   The next three chapters cover the filesystem. Chapter 7 shows recipes pertaining to opening files, locking them for concurrent access, modifying them in place, and storing filehandles in variables. Chapter 8 discusses storing filehandles in variables, managing temporary files, watching the end of a growing file, reading a particular line from a file, handling alternative character encodings like Unicode and Microsoft character sets, and random access binary I/O. Finally, in Chapter 9 there are techniques to copy, move, or delete a file, manipulate a file's timestamps, and recursively process all files in a directory.
   
   Chapter 10 through Chapter 13 focus on making your program flexible and powerful. Chapter 10 includes recipes on creating persistent local variables, passing parameters by reference, calling functions indirectly, crafting a switch statement, and handling exceptions. Chapter 11 is about data structures. Here basic manipulation of references to data and functions are demonstrated. Later recipes show how to create elaborate data structures and how to save and restore these structures from permanent storage. Chapter 12, concerns breaking up your program into separate files. The chapter discusses how to make variables and functions private to a module, customize warnings for modules, replace built-ins, trap errors loading missing modules, and use the h2ph and h2xs tools to interact with C and C++ code. Lastly, Chapter 13, covers the fundamentals of building your own object-based module to create user-defined types, complete with constructors, destructors, and inheritance. Other recipes show examples of circular data structures, operator overloading, and tied data types.
   
   The next two chapters are about interfaces: one to databases and the other to users. Chapter 14 includes techniques for manipulating DBM files and querying and updating databases with SQL and the DBI module. Chapter 15 covers topics such as clearing the screen, processing command-line switches, single-character input, moving the cursor using termcap and curses, thumbnailing images, and graphing data.
   
   The last portion of the book is devoted to interacting with other programs and services. Chapter 16 is about running other programs and collecting their output, handling zombie processes, named pipes, signal management, and sharing variables between running programs. Chapter 17 shows how to establish stream connections or use datagrams to create low-level networking applications for client-server programming. Chapter 18 is about higher-level protocols such as mail, FTP, Usenet news, XML-RPC, and SOAP. Chapter 19, contains recipes for processing web forms, trapping their errors, avoiding shell escapes for security, managing cookies, shopping cart techniques, and saving forms to files or pipes. Chapter 20, covers non-interactive uses of the Web, such as fetching web pages, automating form submissions in a script, extracting URLs from a web page, removing HTML tags, finding fresh or stale links, and parsing HTML. Chapter 21 introduces mod_perl, the Perl interpreter embedded in Apache. It covers fetching form parameters, issuing redirections, customizing Apache's logging, handling authentication, and advanced templating with Mason and the Template Toolkit. Finally, Chapter 22 is about ubiquitous data format XML and includes recipes such as validating XML, parsing XML into events and trees, and transforming XML into other formats.



5. If you are beginner to expert, this helps with simple methods that are tried and true. I find it most helpful in giving me ideas of how to address problems far beyond the scope of the book. Sometimes just simple reminders of cookbook methods stimulates thoughts in orthogonal directions that yield the best solutions to customer problems.

5 comments about The Web Testing Companion: The Insider's Guide to Efficient and Effective Tests.

1. I came across this book in the bookstore and was so impressed I dropped the $$$ on it there. I have referred to it at least weekly for test cases. It has more than paid for the purchase price through what it has done to make my job easier. Few books touch on security or performance in a practical manner, but this one digs right in and actually has information you can apply immediately to your app. I can see where the other reviewer might have been frustrated in that it didn't tell him how to write web applications. It is purely about testing them and doesn't get hung up walking you through any specific technologies. It concentrates on the information you need to test your app.
   Don't take my word for it. Stickyminds gave it 4 stars. ...



2. This book is overshadowed by "Testing Applications on the Web: Test Planning for Mobile and Internet-Based Systems" ISBN 0471201006, which is one of the most highly regarded in the testing community. However, that does not mean this book is without merit. On the contrary, the rich content of the appendices, which comprise a significant portion of this work, make it an ideal companion to the aforementioned book.

   Another point in this book's favor is that it is basic enough and structured to make it an ideal text for a course on web testing. The author did an excellent job of describing good practices in web testing and covering the basics. She also provides a good deal of sage advice on careen matters, which a more technical book will overlook.

   I found the chapters on server-side testing accurate and clear enough for new test professionals to completely follow. The chapters on performance and security testing were reasonably complete, and the chapters on client side were as well and clearly written. I also like the author's objectivity - she works for Microsoft, but did not emphasize that company's technologies or processes over standard industry practices.

   As a supplement to a more technical book, such as the one I cited above, or as a text in a basic web testing course this book shines. It is not the definitive reference, but is worth reading if for no other reason than to have the appendices nearby as a ready reference during test cycles.




3. This is the best book I have ever seen on the testing web applications. It covers everything from unicode to Javascript, from security to the validity of the HTML. It teaches through an understanding of the technology, then covers ways to stress the technology to look for bugs. The sections on character encodings and performance testing are particularly well done. This is a must have book for QA professionals tasked with testing a web application.



4. The Web Testing Companion is a manual written for both beginners and experienced web designers, and the author herself is a testing director at Microsoft. If you've had a few years' experience as a designer, developer or webmaster, then the material is not new to you; i.e., optimizing bandwidth, etc.
   
   Obviously, this is not the kind of book you read straight through from beginning to end, but rather a handbook that you can refer to as problems arise. For the most part, the book succeeds as that, and Ms. Ash has divided the book into four general sections: non-technical issues, technical issues, general advice for testers, and finally an excellent set of appendices on various aspects of Web testing.
   
   I'm sure we all can recall incidents of working with defective software that nobody apparently had tested for bugs, sloppy coding, or slow operating time. This was because there was probably a deadline for the software release time, and the developer concluded that hiring testers would be an extra expense.
   
   Non-Technical Issues:
   
   The first four chapters deal with non-technical issues, mostly related to the planning of the application.
   
   Web site planning can involve a number for goals; for example, which is most important: minimal defects or time-to-market? Developing a medical web application to assist in diagnosing illnesses is different from developing an application that will be used to solicit funds. The medical app could be providing life-or-death information, whereas the solicitation site could need high visual appeal. In other words, the app must meet the customer's requirements and expectations, not yours. Most of us already know that, but in one of the book's appendices, the author has given us a checklist of several pages worth of questions to determine exactly what the customer's needs are. That's what I like about this book: It presents some very objective methods for answering subjective questions.
   
   Server-Side and Client-Side Testing:
   
   For server-side (as opposed to client-side) web apps, performance testing and security testing are the most important. Stability problems need to be identified prior to deployment. The tester, therefore, should create many user scenarios derived from the most common and most intensive user actions, and then analyze the performance statistics after the performance tests are completed.
   
   The author recommends that all of your pages load in 15 seconds or less, but this rule really depends on your particular application and the expectations of the people using it. If your app requires large graphics and the users are architects, they will probably feel that waiting a few minutes is worth the effort.
   
   Testing Scenarios:
   
   The author recommends that you set up a test environment that is separate from your development and production environment. This can include a separate web server, database server, and application server if applicable. This is especially important in testing security features. (It should be noted, of course, that some application developers will not be able to afford the elaborate testing facilities of a large corporation.)
   
   Ms. Ash advises, "One of the most common reasons that performance testing of an application is not successful is that the wrong scenarios were tested." Therefore, she recommends that: "Not every line of code or possible interaction needs to be benchmarked on every build. Identify the critical places, the most frequent code paths, and the most expensive ones, the ones that are most important to the user, and spend the precious test time here. If there is more test time left over, spend it on any code paths that have been added since the last release."
   
   At this stage, the author explains numerous helpful methods for setting up baselines, benchmarks and other metrics to determine Web application performance and efficiency. These metrics also include the application's efficiency when interacting with various servers' processors, memory and disk drives.
   
   The author provides a method for charting data flow, which is helpful in both performance and security testing.
   
   Load and Stress Testing:
   
   "Load testing is done to help identify what the load profile for the service is under a load. Knowing the server profile helps you identify when the server in a line production environment is about to break or crash."
   
   Load testing should answer questions like: How many requests per second can the server take, how long does it take to service a request, and What is the uptime under real-world loads?
   
   Finally, an entire chapter is devoted to automation methods. Automation is "an excellent way to ensure that the software of today is just as good as it was yesterday, but management incorrectly assumes that automation will solve all their problems."
   
   The earlier you perform load testing the better. Most people hate to wait for a web page to load, so simple design changes can often make a significant impact on the performance and scalability of your web application. A good overview of how to perform load testing can be found on Microsoft's Developer Network (MSDN) website.
   
   Security Testing:
   
   As with performance testing, the first steps of security testing need to be taken by the product designers to ensure that their code is safe by employing best practices when writing code.
   
   A general rule to remember is that as your company gains more and more data that is desirable, it is also gathering attackers and gathering more that needs defending. On the other hand, the thought that a less important company or service will not be as interesting to an attacker can lull you into a false sense of security. You can still be attacked, for the same reason that small businesses and houses have been robbed; i.e., because they can be easy targets.
   
   The author outlines various methods of testing your apps for a number of "popular" attack methods:
   
   Denial of Service, in which a server can receive thousands of ICMP "ping" requests from hundreds of workstations;
   
   Buffer Overflow, which is becoming a very common method for installing Trojan horses and back door software;
   
   Cross-site scripting, in which an attacker gets his malicious code to run on someone else's Web site; and
   
   SQL Injection, by which the attacker sends malicious code to an SQL database.
   
   General Testing Advice:
   
   The remainder of the book is concerned with various organizations, web sites and other resources open to testers.
   
   Ms. Ash makes the point that many people enter the field of testing involuntarily, and that the testers should not develop an adversarial relationship with management and developers. (Obviously, hard-working developers don't want to be told how inefficient or unsafe their code is, and vice presidents don't want to be told that they have to postpone a release date because of "holes" in their latest product.) Because testers can wield considerable power, the author stresses diplomacy when notifying the developer team about their mistakes in coding. Additionally, the professional tester should communicate regularly with users by giving presentations and attending meetings with management. They should also become certified in relevant technologies.
   
   Although the author could have provided a more readable index or table of contents, she has provided 200 pages of appendices, covering RFCs, error codes, ASCII character sets, and many helpful tables. The appendix material is also available at the author's companion site at www.wiley.com/compbooks/ash.



5. Lydia's book is probably the best written web testing book in the market. The prose is easy to follow, progressive, non-verbose, and sometimes even inspiring. She painfully explicates various testing principles with exacting examples. Published in 2003, some of the examples already show their age but the testing principles and problems are still current. Web technologies have evolved immensely in the last three years and this book would benefit from such updates in a second edition.

No comments about Python: Create - Modify - Reuse.

5 comments about Implementing ITIL Configuration Management.

1. At the technical manager level, this book helps you decide on a configuration management system. There is a moderate amount of jargon in the narrative. But overall, the book's recommendations seem valid. Details are supplied about what to plan for. And it is emphasised that planning is vital to a successful project.
   
   You might want to look carefully at the chapter describing failure analysis. It looks at finding single points of failure. Suggesting that you might prepare a risk statement for each such point. Where this is as detailed as you can make it, covering factors like the probability of the event and an action plan to minimise this. Or to recover if it occurs.



2. I was recently assigned the project manager role to implement a configuration management system for a Fortune 500 information technology department. While I had experience implementing configuration management systems from a CMM/CMMI perspective, I had never implemented one based on ITIL.
   
   Mr. Klosterboer's book provided the framework for me to: plan the project, orient my team on the approach we would be taking, and provide reference material for the team. Members of my team have decided to purchase the book based on the invaluable content. The table of contents is well defined so as to allow you to go to the section you need quickly.
   
   I have been involved in over a dozen process improvement efforts and have never found a resource so well designed to assist in implementation. Too often the books I have read have been more theory than practical application. I find myself looking at some section of the book every day.



3. This is a good book about implementing the process, because it describe common mistakes and best practices. So the project approach is clearly explained.
   However the book doesn't go into the details of the CMDB schema. I think that the approach for this book is more useful for implementing existing CM solutions (i.e. Tivoli) rather for building a new CM system. Be aware that implementing the CM process in isolation is not as affective as implementing together with Change Managemenr (as suggested by ITIL and this book).



4. This book purchased was what I wanted and provided me with the information on ITIL that I was looking for.



5. This is an excellent pragmatic view of implementing an ITIL conformant Configuation Management system. It is very useful in understanding the space between ITIL abstract ideals and reality. In addition to a solid description of the technical issues, it provides insight into how to manage expectations and organizational challenges. I highly recommend.

5 comments about Mastering Delphi 7.

1. In order to understand some issues related with delphi 7, the book is very helpful. But is not a step by step book. In that case I advice to look for something more especific.
   This book is reality very good, an excellent work of the writer, you should buy it as a bible.



2. yesterday I received the book by international shipping. As I have read the first 14 pages I am really satisfied with the cost that I pay. Thanks to God (to create such a man), thanks to marco and thanks to amazon of course.



3. Mr. Cantu has taken on an immense task condensing most of what you need to know about Delphi into a single volume. While he did a tremendous job of giving you a foundation of most aspects of Delphi, inevitably there are some areas in which you are left wanting.
   
   I purchased this book for use at work, and for the most part - even if I have not found the exact answers to my questions - I have been able to determine the right "questions to ask" when it comes to formulating my Google queries to track down the answer I need. When it comes to Database Programming, I didn't find everything I needed in regards to ADO and had to get another book "Delphi Developers Guide to Programming with ADO" in order to make up for the sadly - very short section that Mr. Cantu devoted to the topic in this book.
   
   Overall - this is an excellent companion for anyone who develops in Delphi. I must however offer one caveat - you will not find all of your answers here without the aid of Delphi developer websites, forums, Google, and other third party resources. I recommend this as a purchase if you understand that it is just a good reference. If you have a specialized need - I suggest trying to find your answers via the Delphi section on About.com or via DelphiBasics (download version).



4. This is an excellent Delphi learning & reference manual. I am finding it to be a great asset to my programming books.



5. I bought this book for getting one step further in delphi. But it took me ten steps further. Adviced to who need to real mastering in delphi.