Solved

Best language for writing security tools?

Posted on 2004-09-01
32
611 Views
Last Modified: 2008-02-01

What is a good language to learn/start with?   I've mostly been a network guy up to this point, took a qbasic class in college.  However I want to start programming.

I want to be able to write my own security tools oneday.  Some people say go with perl, others say C. Which should I do? What is the best to learn for my goal(s)?
Thanks
0
Comment
Question by:dissolved
  • 11
  • 6
  • 5
  • +5
32 Comments
 
LVL 22

Assisted Solution

by:cookre
cookre earned 25 total points
ID: 11957661
If you're in the Windows world, I'd start with VBScript.

You'll have earlier successes to keep you from becoming disheartened as you get familiar with basic programming concepts.
Moreover, if you look at incorporating WMI into your scripts, you'll see immediate value in network administration:
http://www.microsoft.com/technet/scriptcenter/repository.mspx

I can't image plopping somebody into Perl as a first language.

However, regardless of the language, all programming is made up of the same basic building blocks:

* value assignments
   do calculations and save results

* execution flow control
   conditionals
   iterations
   subroutine calls

* I/O
   file I/O
   screen I/O

The differences among the various languages center around how easy or hard it is to perform these basic functions.

0
 
LVL 2

Assisted Solution

by:GP1628
GP1628 earned 50 total points
ID: 11958529
Why change langauges at all? If you know QBasic then use a basic.
I manage multiple servers and write my own security scripts all the time (an excellent thing to do since using any popular security is self-defeating). I use Basic on Windows, Linux, Unix, and Mac servers.

I keep saying I will learn Perl or C++. I have a bunch of books for them. I can understand the examples well enough. But I just havent run into anything yet which has forced me to switch over. When I want a script Im in too much of a hurry so as long as basic continues to serve the need I will probably stay in that rut.  :)

There are ALOT of Basics available. Some of which can be cross-platform programmed. But one fun site I like to send people to when they are considering languages is
http://www.99-bottles-of-beer.net/0-9.html

Gandalf  Parker
0
 
LVL 3

Assisted Solution

by:travisjhall
travisjhall earned 25 total points
ID: 11958902
VBScript is fine for many security purposes and I've used it myself for most programmed security operations where I work. However, I have found that there are times when I need the low-level power of C++. Now, to be honest, I haven't done much with C++ alone. I have a tendency to create components that I need in C++, then call those components from another language, usually VBScript. I do this because VBScript tends to be faster to build and easier to modify, and once I have the component C++ has done what I needed it to do. On top of that, Visual Basic is easier than C++ for interface work, so if I need a GUI tool, I'll do the high-level work in VB.

So it really depends just what sort of tools you want to program. I like to have a variety of tools available, so that I can pick the language which best suits the job at hand, but if you are planning to learn to program to bolster your admin capabilities, you might not find it is an efficient use of your time to learn multiple languages.
0
 

Author Comment

by:dissolved
ID: 11959218
Thanks guys. I am basically looking for something I can dive right into and spend hours learning.  I have only a very basic understanding of programming (from qbasic lmao).

I guess the general answer is that I will have to learn most of the languages to be an effective programmer. That being said, which language should I invest my time in FIRST?  I want it to be worth my while, a language that i wont feel like I'm using just to learn. That was my problem with qbasic. I had trouble dedicating myself because I knew it wasnt that great. Of course, I could be (and probably am) incorrect saying all of this because I know nothing about programming.  Would I be crazy starting with C?
0
 
LVL 2

Assisted Solution

by:GP1628
GP1628 earned 50 total points
ID: 11959278
Well you wouldnt be starting with C. You started with QBasic which I think is a good idea.

Perl or Python might be a halfway point between Basic and C, and would be very useful.

Seriously though, visit that 99-bottles-of-beer site. Its the song, programmed in short bits of code in over 300 different programming languages.

Gandalf  Parker
0
 
LVL 8

Accepted Solution

by:
pjcrooks2000 earned 225 total points
ID: 11961871
Heh you could go on for ever here with languages.  Personally i would program in languages that are more recent object orientated ones such as Java.  Object orientated languages will cut down on development time and have losts of useful security components at hand ready to use.  Don't use slow methodical programming languages, you will never get the job done if you do so.

The java API can help you a heck of a lot to create programs that you wish and you can search through it.  Like any other language there will be a learning curve to think about.  

Oooh and the best bit about Java is that it is Multi Platform compatibles, you can deploy it on Unix, Windows, Mac and even onto your hand held mobile phone and electronics.  So no matter what operating system your clients use the program will still work and run on them.  

Why not have a read of the sun website http://java.sun.com/  to see if you get the idea. Oooh i just made a game in Java so just shows you what you ccan do with it.

pjcrooks2000 :)
0
 
LVL 11

Assisted Solution

by:cjjclifford
cjjclifford earned 150 total points
ID: 11961977
(some would argue Basic is not a language, but that's for a different thread/website!)

GP1628 already mentioned Python (but as halfway between Basic and C)... I would say Python is probably the easiest to go with - relatively easy syntax (especially in comparision to Perl, C, C++, even Java, etc!), but very powerful (can be used as basic scripting language, while still using the full system libraries that come by default, but can also be programmed fully as object oriented language, or even as a procedural language - I use all 3 types of scripts/programs in Python, depending on what I need... Great thing about Python is cross-platform... there are many platforms that have Python installers (see www.python.org).
0
 

Author Comment

by:dissolved
ID: 11962271
Thanks for everything guys. Hate to ask, but what is object oriented language and procedural language?
0
 
LVL 8

Assisted Solution

by:pjcrooks2000
pjcrooks2000 earned 225 total points
ID: 11962479
Hi dissoloved

Your best bet id to read up on it, i just did a google and found a link straight away

Although thtis link is for c++ i did say you should perhaps learn java, http://www.zib.de/Visual/people/mueller/Course/Tutorial/tutorial.html

Basically when you use Objects you are able to create objects such as buttons, windows, text boxes or even network interfaces as an object.

Procedural it the process of creating a button through systematic developement.  Re inventing the wheel every time you wan tto create a button.  Object orientated programming allows you to use previously developed compnents such as the buttons with a limited ammount of work on your part.  If you use procedural then you have to make the button yourself.

So you see with Object orientated programming there is already a lot done for you, all you have to do is learn how to put it all together.  Hence you do not spend as much time on developing low lbuttons and such like you would simply say something like this in your code

pseudo code

Create a button that can be used time and time again

Create a new instance of the button(this)

Add a Listener to the buttton so that it can be pressed
{
Do things upon clickint the button i.e call another object
}

and that is generally how it goes.   But have a good read of that link I sent you and do a search on procedural vs Object Orientated programming on google.

There should be millions of pages on the subject.  

Oooh by the way, Java was designed on c++ and c++ is an extension of 'C', therefore c++ is an Object Orientated language also but you can still do low level taks in it like adding two numbers together or performing sorting algorithms.

I think Java is easier to learn however, but c++ is more funtional than Java if your willing to learn c++ then why not do that too.

Good luck to ya

pjcrooks2000  -  :)
0
 
LVL 11

Assisted Solution

by:cjjclifford
cjjclifford earned 150 total points
ID: 11962498
without going into any formal definitions, the terms refer to the different ways of approaching a programming problem, i.e. how to model the problem, and its solution.
Procedural refers to approaching the problem and solution as a set of tasks, or procedures, that have to be performed, one after another, possibly repeating several tasks repeatedly. Basic could be seen as procedural. Other examples of procedural would be C, fortran, various unix shell scripting, etc.
Object Oriented refers to approaching the problem and solution by looking at the data that is being processed, and modeling this data as "Objects". An object is a piece of data, which has several defined tasks (method in Java, message in Smalltalk (I think) associated with it. Objects then "talk", using each other's defined methods. Examples of Object Oriented languages include C++, Java, SmallTalk, Python, Perl (some would argue against that!), c#, etc.

(there are also Functional Programming, Declaritive programming, Aspect Oriented programming, etc., etc. They all refer to different ways of breaking down the problem set, to generate a solution...)

A simple example might be a program to open a file, and display every line on the console.
(note, pseudo code below, and also note simple examples usually generally tend toward looking procedural in nature!)

A procedural solution might do the following steps:

Open the file (call the system procedure...)
Until there are no lines remaining to be read:
    Read a line from the file (call the system procedure)
    Display the line on the console (call the system procedure)

An object oriented approach (not a great example...) might be:

Create an instance of the FileObject.
Create an instance of the FileLineReaderObject.
until there are lines left to be read:
    request a LineObject using the FileLineReaderObject.getLine() method
    Request the ConsoleOutputObject to print the formatted LineObject output (ConsoleOutputObject.print( LineObject.format() ).

this is probably not very clear, but hope it helps...
0
 
LVL 11

Assisted Solution

by:cjjclifford
cjjclifford earned 150 total points
ID: 11962525
pjcrooks2000, "c++ is more funtional than Java" - in what way?
0
 
LVL 8

Assisted Solution

by:pjcrooks2000
pjcrooks2000 earned 225 total points
ID: 11962708
Is that a question or a statement?

Yes c++ is more powerful shall we say, but then again c++ has been around a lot longer... Java will eventually surpass its functionality and I bet by that time we will be programming in another language or there will be better newer cross platform, multi blah blah blah languages.  If you get my point!

C++ is more powerful, and is also more dangerous to use.  Java takes a lot of the work out for you when programming.  e.g.  when you program in c++ you use up memory and you have to remember to destroy the memory yourself.  You do not have to do this is Java.

That is just one such example, they both have good points and Have bad points.  Java is easiest to learn by a long way !  c++ can really break your gonads if your not careful, well at least it has been doing with me when I have been programming games up!
0
 
LVL 11

Assisted Solution

by:cjjclifford
cjjclifford earned 150 total points
ID: 11962788
pjcrooks2000, it was a question...

I was wondering what (useful) functionality C++ provides over Java... you said "C++ was more functional", I was (still am) wondering what you mean by this... The main difference is C++ is natively compiled, and Java is (generally) compiled to Byte code and run on a JVM (I say generally, as GCJ native java compiler, which supports at least JDK1.3.1)
In fact, I would argue that Java is more functional that C++, especially if you start looking at more advanced topics as Reflection, RMI (listed as its built in as standard!), EJB, etc, not to mention other areas like Byte Code engineering, custom class loaders, Aspect oriented-like interception, etc.

(btw, Garbage collection does exist for C++, but as far as I know there is not free library to do it... only expensive comercial ones, but I could be wrong in that...)
0
 
LVL 8

Assisted Solution

by:pjcrooks2000
pjcrooks2000 earned 225 total points
ID: 11962929
Clifford you telling me things I already know :)

ps:  If your making games for Consoles/ OS's and so on then c++ wipes the floor with Java,  Jav is the newest language and please note this is what I am telling dissolved he should use and for the very same reason you have stated above?  

Have another read! I mentioned c++ memory having to destroy it yourself and you don't have to do this on Java.  You have to remember this guy is not a programmer so trying to baffle him with science is not a good idea.  I tell it in latmans terms when he eventaully decide to learna language he will be able to communicate on a higher level and he will know what garbage collection is etc etc.  

If I ask a man on the street I have a programming langugae that does garbage collection he would probably give me a funny look and say well my bin man does that for me :P
0
 
LVL 11

Assisted Solution

by:cjjclifford
cjjclifford earned 150 total points
ID: 11963135
accepted, natively compiled code will be more performant than code run on a virtual machine, but be careful here generallising Java as only being the latter (I mentioned GCJ earlier, and I'm sure there are other good native compilers for Java... As far as I remember, Java was initially devised as an embedded language, with some talk of developing hardware JVMs...)

Regarding "Garbage Collection", appologies for the tech. term, this refers to automatic collection/freeing of memory no longer needed by an application. In general, memory must be allocated before using it, and if not freed correctly afterwards, the application will hold on to it (this is known as memory leaking, and will over time cause the application/system to slow down, and eventually crash, Out-of-Memory type errors!). Garbage collection mechanisms exist that allow application developers to ignore the need to carefully free memory after use (debugging memory handling can be a big pain!). Java's memory mechanism uses garbage collection (on most of Java's platforms, note that JavaCard (the SIM Java platform), and possibly others, have no garbage collection). Libraries exist that can be plugged into C++ implementations relatively simply that provide this functionality also.

Note that even though Java (and other languages) provide Garbage collection, there is still the problem of "memory leaks", but now they are related to applications maintaining references to memory, rather than letting the collector do its work... these are as painful, if not more so, to debug than traditional memory leaks!

(Regarding the man on the Street, a few years ago here (Ireland) I would have disagreed with you, everyone you met was working somewhat in IT... since then there was the economic downturn, and some people actually work in other sectors now :-)
0
 
LVL 3

Assisted Solution

by:aravindtj
aravindtj earned 25 total points
ID: 11965565
C++ is the Best for all; independent of platforms.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 8

Assisted Solution

by:pjcrooks2000
pjcrooks2000 earned 225 total points
ID: 11966132
Hello me old irish brother :)

Well thats if your irish that is!  Short answer then we agree is Learn Java.. I'm not gonna say it again :) You could read all of our notes and still conclude learn Java, or maybe both c++ and Java... its up to yourself now!

patrickio'j'crooks2000'
0
 
LVL 8

Assisted Solution

by:pjcrooks2000
pjcrooks2000 earned 225 total points
ID: 11966171
Sorry missed aravindti's comment, c++ is the most powerful and can do thing that Jav can not, it offers more flexibility but with that comes mistakes on the programmers part.

Java is more relaxed and easier to learn stil has fantastic capabilities compared to some of those other languages people and banding about!  Thats my opinion and I will say it till the day I die...

Ooooh Danny boy.... I met my girl by the factory wall..... My lonely prison wall I heard a young girl call.........ing

Just some wee irish songs for you!

pjcrooks2000
0
 

Author Comment

by:dissolved
ID: 11966900
Thanks for the input everyone.
PS: I'm half irish. Was in dublin last year visiting family
0
 
LVL 8

Assisted Solution

by:pjcrooks2000
pjcrooks2000 earned 225 total points
ID: 11967184
Ahhhh brilliant, i'm a full bred from Belfast but been in UK since 1979 so I guess that makes me half bred ... :)

I hope what we all put up there was useful to you, and I wish you all the best.

pjcrooks2000
0
 
LVL 8

Expert Comment

by:pjcrooks2000
ID: 11968654
Muchly appreciated dissolved very nice of you to accept.

Heres ome pointers for you to learn what I presume you ahve decided to take on the Java world :)

Java sun API where you will find out about all those ready made objects and classes I was talking about:
http://java.sun.com/j2se/1.4.2/docs/api/

Free book by Monica Paulan "Essentials of the Java Programming Language, Part 1"  Available on the Sun website:
http://java.sun.com/developer/onlineTraining/Programming/BasicJava1/

The offical Java book at Sun, Trail finder with lots of help and explanations:
http://java.sun.com/docs/books/tutorial/

Useful sun java forum:
http://forum.java.sun.com/

Ooohhh last but certaily not least, Experts-Exchange chance are you will find answer to all your questions on here.  

Best of luck to you with it

pjcrooks2000
0
 

Author Comment

by:dissolved
ID: 11968885
Thanks again. Thats to everyones help in this thread as well.
-dissolved
0
 
LVL 2

Expert Comment

by:GP1628
ID: 11969213
Personally I find C more independent of platforms than C++. For that matter Basic is too. But C++ is coming strong. Most of the differences tend to get you a "well OK then all of the commonly used platforms"

Java is great but I still tend to think of it as the choice for internet apps. I know it can do stand-alone just-on-the-system things, I just dont tend to think of it that way.

Of course, they all can do what any of them can do so those discussions tend to go nowhere. Some just do particular things abit easier or more powerfuly or more efficiently than others.

In any question, on any subject, there is no "best". There is only pro and con. People who answer with a "best" tend to do so because they cant pro/con it against other choices.
0
 
LVL 11

Expert Comment

by:cjjclifford
ID: 11970816
GP1628, hear hear... the right language for the right job...

I know... I more or less started this "my language of choice is better" disc. (I just don't like throw away statements like "LangX is more powerful/functional/better/stronger/best/blagh than LangY"...

I've used C/C++ and Java on different platforms, as well as other languages like Python and Perl (Perl mostly for automatic code generators though!), from Large Server Side distributed applications to tiny (as small as 4K program size, as well as tiny RAM footprint) embedded devices (yes, Java on those too!), but, yes, the right language for the right job...

True real-time programming (i.e. programming with hard time constraints set by realworld limitations/timings/etc, e.g. digital communications protocols) is really not suited to Java (several factors, but really due to Garbage collection (described above), since this gets processed periodically, at a time set by the JVM, so no true real-time guarantees can be made! Some work into realtime Java have/are being done, and as far as I remember (been a year or so since I've looked into this) they evolve around ways of removing the GC!)
0
 
LVL 8

Expert Comment

by:pjcrooks2000
ID: 11971882
Heres the latest version cjj http://java.sun.com/j2se/1.5.0/docs/relnotes/features.html.   Like i say its being developed and improoved all the time.  What has long been thought of the language of the future and no not just for Applets anymore.

They all have their pros and cons would we at least all agree on that?  I find some of the older languages dated, mundane and more difficult to use to do most and i say most jobs that you will need to do !

Its a matter of opinion i think anyway!  

good luck to everyone :)

pjccrooks2000
0
 
LVL 2

Expert Comment

by:GP1628
ID: 11973800
Heehee. In an analogy that would be
"Im thinking of getting a car. Whats the best one?"
"Get a porsche!"
"Wow what a quick answer. I was thinking of a Ford"
"But Porsche are being improved all the time. Dont bother with the old stuff"
I often use the analogy to point out that any conversation of "best" goes 2 ways. Those who have an answer, and those who come back with questions. "Getting a car? what price range? have a family? live in a bad neighborhood? far from major city for repairs?" (all things that would knock porsche out as the best answer) Porsche is a great car but not always the best answer.

Anyway.... I was wondering what languages you you consider older, dated, mundane, and more difficult to use than java (which of course is seperate from difficult to learn). Ahh never mind. I will just jump ahead and point out that none of them are dead and unmoving. Even Basic is still in active development. I tried a dozen different excellent versions of it before finally settling on the one that came with my linux server. I often use it because I need to quickly create little things that will run on windows, linux, mac and unix. And will compile to a standalone executable for each of them. I use it for CGI's, cron security scripts, and 3rd party game applications. Still not sure why I would want to go thru the hassle of learning java unless I want to do something embedded in a java-capable environment such as a web-browser game or a cell-phone application. BUT I am willing to accept that java is progressing even as we speak, thats its already NOT the java I looked at last, and that it might change my mind any day now.
0
 
LVL 8

Expert Comment

by:pjcrooks2000
ID: 11973929
I hear ya GP nice analogy :)  not really related to programming languages but I thinks i see where your coming from.

well its just in my opinion those other languages have not moved onwards and have not been updated anytime recent whereby Java is always on the move.  I suppose it has to be to keep up with the technologies it is being deployed on, mobile phones etc etc.  The only thing they have not done is create a Java PC, not the VM but I mean a pure Java machine.  Weird that!  I don't get it, but then again that would not help it to be multi platform using a range of VM's as it is today.

It still has a long way to go in my mind but it just seems to get better and better and the Support that Sun has for it is fantastic.  

I think it has got a good 30 years in it at least anyway, until they bring out a new Boxter :)  

thanks pjcrooks2000

0
 

Expert Comment

by:GrooverMD
ID: 11993353
oop is the way to go regardless of preference of language. Builing a base class that sends an ecrypted id number to any derived class as a property of that class so that when the base class sends interprocess communications only derived classes with that encryted id number can communicate with the base class, depending on the level of encryption and the encrytion method used, will ensure that hackers cannot gain access to that object.
0
 

Expert Comment

by:GrooverMD
ID: 11993388
that way you can create a whole email system that you only need to create 4 objects base class, send object, recieve object and
object to move
0
 

Expert Comment

by:GrooverMD
ID: 11993403
pseudo code as follows

class parent
for every derived class create unique id

class derived
after creation get parent id
while no parent id destruct
0
 
LVL 8

Expert Comment

by:pjcrooks2000
ID: 11994622
GrooveMD no offence but you sound like you have made that up!  I don't think you have answered the question all you have done is rambled some pseudo code and that does not address the question at hand.  The question is closed now anyway!!
0
 
LVL 2

Expert Comment

by:GP1628
ID: 11996746
Nahh I can see the advantage of classes in a security tool, which would be security.
I dont think I would go to so much trouble unless I was releasing a security tool to the public and thought it would get popular. Then it would be an excellent consideration.

By the way PJ I had meant to post an snwer to your past post...
I figured that was the direction you were headed so I will just make it a short note. Java is not being updated more often or more recently than any other language. The Basic I use is getting jsut as many updates just as often. But thats OK, its hard to keep up with one language much less anyone elses. I had the same idea until I recently went looking for a Basic and was surprised to find that I had a dozen very up-to-date and expanding ones to choose from. I ended up choosing the one that came with my linux since its the easiest to receive the updates on.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Does the idea of dealing with bits scare or confuse you? Does it seem like a waste of time in an age where we all have terabytes of storage? If so, you're missing out on one of the core tools in every professional programmer's toolbox. Learn how to …
Displaying an arrayList in a listView using the default adapter is rarely the best solution. To get full control of your display data, and to be able to refresh it after editing, requires the use of a custom adapter.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now