RE: Programming

["Lepore, Brian" <Brian.Lepore () marconi com>]

What I haven't heard anyone say yet on this topic was this:  If you learn
one language, the others sort of fall into place.  I'd start with C.  If you
decide that you even like programming, then you can try out the rest of
these suggestions.  I think Python or Perl is also a good place to start.
Perl is nice because you don't have to bother compiling your programs.

The one thing that you have to brace yourself for, Ben, is that a lot of
people aren't cut out for programming.  I know a lot of people that would
have loved to get into security but just couldn't get into programming.
Programming is a completely different way of thinking.  Similar to what
David said below: in most of my programming classes, there was the great
majority who were confused and then there were the 10-20 percent of students
who knew what was going on.  We became very popular in those classes.

-----Original Message-----
From: linux user [mailto:linuxteam () gmail com]
Sent: Friday, February 11, 2005 8:12 AM
To: David J ONEILL
Cc: dayz () planet nl; security-basics () securityfocus com
Subject: Re: Programming


I hope you are not kidding, the guy wants to learn a programming
language that would benfit him in the security area not in the Legacy
business area, Python or Ruby would teach him object oriented
programming, and both do look readable and well structered

if it was not a joke let us know what is the future of Cobol?

On Thu, 10 Feb 2005 07:55:27 -0800, David J ONEILL
<David.J.Oneill () state or us> wrote:
> Having been a programmer/developer/systems analyst for the last 11
> years, I feel that a lot of respondents are missing the boat.  They have
> forgotten on of the most structured languages still in existence COBOL.
> This language is available for PC platforms.
>
> I have programmed professionally in PC and Mainframe Assembler, BASIC,
> Visual Basic, C, COBOL (with CICS, DB2, and IMS), REXX, and I current
> develop applications using Java.
>
> I would recommend starting with COBOL because it enforces structured
> programming techniques.  All data elements are strongly typed and must
> be defined prior to being used (this forces the programmer to think
> about what data they will be working with, instead of winging it as they
> go along.)  And COBOL encourages modularity and functional cohesiveness
> in programming (each function of the program is place in its own
> procedure.)
>
> Object oriented techniques can even be used with COBOL (Classes are
> translated to Nested Programs in COBOL.)
>
> One more benefit, COBOL was an early attempt to develop human readable
> code.  And today it still can be written today in sentence and paragraph
> form.
>
> My 3.5 cents worth  :-)
>
> David J O'Neill
> Senior Systems Analyst
> State of Oregon
> Department of Human Services
> Office of Information Services
> PH# 503.378.2101 ext. 280
> email david.j.oneill () state or us
>
> > > > "David Gillett" <gillettdavid () fhda edu> 02/09/05 03:17PM >>>
>   Since ontology frequently recapitulates philology, you might be well
> advised to start with the assembly language for a common and
> reasonably
> powerful architecture.  Pay particular attention to stack management
> and
> memory access controls.  (An architecture that lacks them -- such as
> "real"
> mode on the x86 family, is not sufficiently powerful, you need to
> include
> at least one "protected" mode.)
>
>   The next stop is C, with attention not merely to applications, but
> to
> what kind of source code features get compiled to what kind of
> executable
> code.  Pay particular attention to automatic variables and to the "n
> versus
> non-n" string routines, and to dynamic memory management.
>
>   Most other common languages fall into three major categories:
>
> 1.  Languages whose compilers implement features in the translation to
>     executable form which parallel C in concept if not in detail.
>     e.g. Pascal, FORTRAN.
>
> 2.  Languages whose compilers implement features in the translation to
>     executable form which parallel C in concept and in detail.
>     e.g. C++, C#.
>
> 3.  Languages which are processed to an intermediate form which serves
>     as input to a run-time environment implemented in a language from
>     one of the first two categories.
>     e.g. VBASIC, Java.
>
> Many issues such as buffer overflows and some DoS vulnerabilities can
> be
> traced to assumptions made by writers in something C-like that get
> discarded
> in the translation to the binary executable.  Familiarity with both
> sides of
> this translation will be a major asset.
>
> David Gillett
>
> > -----Original Message-----
> > From: dayz () planet nl [mailto:dayz () planet nl]
> > Sent: Wednesday, February 09, 2005 12:17 AM
> > To: security-basics () securityfocus com
> > Subject: Programming
> >
> >
> > Hi,
> >
> > I want to begin with learning programming to increase my
> > knowledge about
> > security, but I don't know where to begin. Can someone tell me which
> > programming language is good to start with, and pherhaps what book
> > and/or online guides I should take a look at?
> > It would be nice that if I learn a programming language that it
> > shouldn't be much work to understand another one.
> >
> > I am on Linux and Windows.
> >
> > Thanks for the help.
> >
> > Regards,
> >
> > Ben