Security Basics mailing list archives

RE: Programming

From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 9 Feb 2005 15:17:20 -0800

  Since ontology frequently recapitulates philology, you might be well
advised to start with the assembly language for a common and reasonably
powerful architecture.  Pay particular attention to stack management and
memory access controls.  (An architecture that lacks them -- such as "real"
mode on the x86 family, is not sufficiently powerful, you need to include
at least one "protected" mode.)

  The next stop is C, with attention not merely to applications, but to
what kind of source code features get compiled to what kind of executable
code.  Pay particular attention to automatic variables and to the "n versus
non-n" string routines, and to dynamic memory management.

  Most other common languages fall into three major categories:

1.  Languages whose compilers implement features in the translation to
    executable form which parallel C in concept if not in detail.
    e.g. Pascal, FORTRAN.

2.  Languages whose compilers implement features in the translation to
    executable form which parallel C in concept and in detail.
    e.g. C++, C#.

3.  Languages which are processed to an intermediate form which serves
    as input to a run-time environment implemented in a language from
    one of the first two categories.
    e.g. VBASIC, Java.

Many issues such as buffer overflows and some DoS vulnerabilities can be
traced to assumptions made by writers in something C-like that get discarded
in the translation to the binary executable.  Familiarity with both sides of
this translation will be a major asset.

David Gillett

-----Original Message-----
From: dayz () planet nl [mailto:dayz () planet nl]
Sent: Wednesday, February 09, 2005 12:17 AM
To: security-basics () securityfocus com
Subject: Programming

Hi,

I want to begin with learning programming to increase my
knowledge about
security, but I don't know where to begin. Can someone tell me which
programming language is good to start with, and pherhaps what book
and/or online guides I should take a look at?
It would be nice that if I learn a programming language that it
shouldn't be much work to understand another one.

I am on Linux and Windows.

Thanks for the help.

Regards,

Ben

Current thread:

Programming dayz (Feb 09)
- Re: Programming Glenn English (Feb 09)
- Re: Programming Kevin Conaway (Feb 09)
- RE: Programming David Gillett (Feb 10)
- Re: Programming stonersavant (Feb 10)
- Re: Programming xyberpix (Feb 10)
  - Re: Programming linux user (Feb 10)
- Re: Programming secans (Feb 10)
- Re: Programming Kevin Carlson (Feb 11)
- Re: Programming Gilles Demarty (Feb 11)
- Re: Programming Brian Knobbs (Feb 11)
- Re: Programming David Heise (Feb 14)
- RE: Programming Rocky Heckman (Feb 14)
- Re: Programming Brian Gehrke (Feb 17)

(Thread continues...)