There are three languages that I’d recommend to anyone thinking of
getting into IT Security:
· PHP – Most web-apps are written
in it, and it’s a great way to learn about security problems. Most tutorials
actually teach you to write terrible security holes into your code, so it’s fun
to realise how screwed you are and go fix the problems. As part of it, you
should learn SQL.
· Python – This is pretty much the
de-facto security language. It’s cross-platform, a large number of security
tools are written in it, and it’s a great language (though I find its syntax a
little abrasive).
· C – C is the language of
systems development. It allows you to get into the real low-level stuff. You
can use it to learn about the sort of vulnerabilities and exploits that allow
attackers to gain root on systems, e.g. stack smashing, heap overflows, SEH
exploits, ROP, etc.
I’d certainly recommend looking into web languages, especially
JavaScript. Web security is a huge industry, so understanding how web exploits
work will be greatly beneficial.
I also recommend learning x86 assembly (or ARM assembly if you’re
that-way-inclined). It teaches you have the processor really works, and allows
you to really understand how attacks work at the lowest level.
Other languages that might be interesting, in no particular order:
Java, C#, Ruby, objective-C, Haskell.
Security is full of steep learning curves, and you need to be
extraordinarily passionate about approaching complex challenges. The most
important bit of advice I can give you is to read about and try everything you
can get your hands on. If your attitude to an interesting article about CSRF or
ROP exploits is “that looks cool, I’m gonna try it out”, you’re already in the
security mindset.
Additional Articles
0 comments:
Post a Comment