Security Basics mailing list archives

Re: Programming


From: "David J ONEILL" <David.J.Oneill () state or us>
Date: Fri, 11 Feb 2005 14:50:54 -0800

Sorry, my understanding was that the "guy" wanted to learn a language that
would help him see the security pitfalls in programming production code
... if I was wrong, my mistake.  So, no, I was not joking.

The problem with "modern languages" (Java, C#, Python, Ruby, VBScript,
...) is that they do not enforce any structured programming techniques.
They let the developer write the code any way they want, which instills
really bad habits (like redefining a data element into whatever data type
fits as many times as they want ... just try tracing a program written
like this.)  If you want to know what kind of security vulnerabilities
exist in the real world of professional programming (as opposed to the
script kiddy world) one should explore languages used in major computer
systems.  Like it or not, in most large systems, the production code is
COBOL.

As I said before, I am a professional JAVA developer ... but I am sure
glad that I started out with a more structured and human readable
language.  The future of COBOL, well you should have done some checking
before popping that question (Object Oriented COBOL is the current
version, and it is strongly supported.)

I'm ready ... throw the next flaming arrow

David J O'Neill
Senior Systems Analyst
State of Oregon
Department of Human Services
Office of Information Services
PH# 503.378.2101 ext. 280
email david.j.oneill () state or us

linux user <linuxteam () gmail com> 02/11/05 05:12AM >>>
I hope you are not kidding, the guy wants to learn a programming
language that would benefit him in the security area not in the Legacy
business area, Python or Ruby would teach him object oriented
programming, and both do look readable and well structured

if it was not a joke let us know what is the future of Cobol?

On Thu, 10 Feb 2005 07:55:27 -0800, David J ONEILL
<David.J.Oneill () state or us> wrote:
Having been a programmer/developer/systems analyst for the last 11
years, I feel that a lot of respondents are missing the boat.  They have
forgotten one of the most structured languages still in existence: COBOL.
This language is available for PC platforms.

I have programmed professionally in PC and Mainframe Assembler, BASIC,
Visual Basic, C, COBOL (with CICS, DB2, and IMS), REXX, and I currently
develop applications using Java.

I would recommend starting with COBOL because it enforces structured
programming techniques.  All data elements are strongly typed and must
be defined prior to being used (this forces the programmer to think
about what data they will be working with, instead of winging it as they
go along.)  And COBOL encourages modularity and functional cohesiveness
in programming (each function of the program is placed in its own
procedure.)

Object oriented techniques can even be used with COBOL (Classes are
translated to Nested Programs in COBOL.)

One more benefit, COBOL was an early attempt to develop human readable
code.  And today it still can be written in sentence and paragraph
form.

My 3.5 cents worth  :-)

David J O'Neill
Senior Systems Analyst
State of Oregon
Department of Human Services
Office of Information Services
PH# 503.378.2101 ext. 280
email david.j.oneill () state or us 

"David Gillett" <gillettdavid () fhda edu> 02/09/05 03:17PM >>>
  Since ontology frequently recapitulates philology, you might be well
advised to start with the assembly language for a common and reasonably
powerful architecture.  Pay particular attention to stack management and
memory access controls.  (An architecture that lacks them -- such as
"real" mode on the x86 family -- is not sufficiently powerful; you need to
include at least one "protected" mode.)

  The next stop is C, with attention not merely to applications, but to
what kind of source code features get compiled to what kind of executable
code.  Pay particular attention to automatic variables and to the "n
versus non-n" string routines, and to dynamic memory management.

  Most other common languages fall into three major categories:

1.  Languages whose compilers implement features in the translation to
    executable form which parallel C in concept if not in detail.
    e.g. Pascal, FORTRAN.

2.  Languages whose compilers implement features in the translation to
    executable form which parallel C in concept and in detail.
    e.g. C++, C#.

3.  Languages which are processed to an intermediate form which serves
    as input to a run-time environment implemented in a language from
    one of the first two categories.
    e.g. VBASIC, Java.

Many issues such as buffer overflows and some DoS vulnerabilities can be
traced to assumptions made by writers in something C-like that get
discarded in the translation to the binary executable.  Familiarity with
both sides of this translation will be a major asset.

David Gillett
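The "n versus non-n" string routines and automatic (stack) variables that the reply above points at, as an added illustration that is not part of the original post: a fixed-size stack buffer filled with the unbounded copy the post warns about, shown for contrast beside a bounded copy that always terminates and reports truncation, plus a check of the lesser-known trap in the "n" routine itself (strncpy writes no terminator when the source fills the buffer). The helper names (bounded_copy, copy_name_bounded, strncpy_unterminated, NAME_CAP) and the sample inputs are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration (not from the mailing-list post).  All names below are
   this example's own.  NAME_CAP is the capacity of the automatic (stack)
   buffer used by the copy_name_* functions. */
#define NAME_CAP 8

/* The pattern the post warns about: strcpy copies until it finds a NUL in
   src, so nothing in the source ties the copy to sizeof(name).  The compiler
   keeps only the 8-byte stack slot; the writer's assumption "input is short"
   is discarded in the executable.  Shown for contrast only, never called. */
void copy_name_unbounded(const char *src) {
    char name[NAME_CAP];
    strcpy(name, src);          /* overwrites past name[] for any src of 8+ chars */
    printf("%s\n", name);
}

/* Copy src into dst (capacity dst_size), always NUL-terminating.
   Returns 1 if the input had to be truncated, 0 if it fit whole. */
int bounded_copy(char *dst, size_t dst_size, const char *src) {
    if (dst_size == 0) return 1;            /* nowhere to write: report as truncation */
    size_t len = strlen(src);
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);     /* leave room for the terminator */
        dst[dst_size - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, len + 1);              /* includes the source's own NUL */
    return 0;
}

/* Hardened form of copy_name_unbounded: the buffer size travels with the
   copy and truncation is reported instead of silently corrupting the stack. */
int copy_name_bounded(const char *src) {
    char name[NAME_CAP];
    int truncated = bounded_copy(name, sizeof name, src);
    printf("%s%s\n", name, truncated ? " [truncated]" : "");
    return truncated;
}

/* The "n" routine has its own trap: strncpy(dst, src, n) writes no NUL when
   strlen(src) >= n, so a later strlen/printf on dst reads past the buffer.
   Returns 1 if an n-byte buffer ends up without a terminator, 0 otherwise,
   -1 if the scratch allocation fails. */
int strncpy_unterminated(const char *src, size_t n) {
    char *buf = malloc(n);
    if (buf == NULL) return -1;
    strncpy(buf, src, n);
    int unterminated = (memchr(buf, '\0', n) == NULL);
    free(buf);
    return unterminated;
}

int main(void) {
    /* constructed sample inputs */
    copy_name_bounded("Ben");               /* fits whole */
    copy_name_bounded("security-basics");   /* 15 chars into 8: truncated */
    printf("strncpy left 'abc' terminated in 8 bytes?      %s\n",
           strncpy_unterminated("abc", 8) ? "no" : "yes");
    printf("strncpy left 'abcdefgh' terminated in 8 bytes? %s\n",
           strncpy_unterminated("abcdefgh", 8) ? "no" : "yes");
    return 0;
}
```

The point of bounded_copy over a bare strncpy is that both failure modes the post alludes to are made visible in the source: the destination size is an explicit argument rather than an assumption, and truncation is a return value the caller must decide about rather than a silent overwrite of the adjacent stack frame.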

-----Original Message-----
From: dayz () planet nl [mailto:dayz () planet nl] 
Sent: Wednesday, February 09, 2005 12:17 AM
To: security-basics () securityfocus com 
Subject: Programming


Hi,

I want to begin with learning programming to increase my knowledge about
security, but I don't know where to begin. Can someone tell me which
programming language is good to start with, and perhaps what book
and/or online guides I should take a look at?
It would be nice if I learn a programming language that it
shouldn't be much work to understand another one.

I am on Linux and Windows.

Thanks for the help.

Regards,

Ben