Re: Programming

From: David J ONEILL (David.J.Oneill_at_state.or.us)
Date: 02/11/05

    Date: Fri, 11 Feb 2005 14:50:54 -0800
    To: <security-basics@securityfocus.com>
    
    

    Sorry, my understanding was that the "guy" wanted to learn a language that
    would help him see the security pitfalls in programming production code
    ... if I was wrong, my mistake. So, no, I was not joking.

    The problem with "modern languages" (Java, C#, Python, Ruby, VBScript,
    ...) is that they do not enforce any structured programming techniques.
    They let the developer write the code any way they want, which instills
    real bad habits (like redefining a data element into whatever data type
    fits as many times as they want ... just try tracing a program written
    like this.) If you want to know what kind of security vulnerabilities
    exist in the real world of professional programming (as opposed to the
    script kiddy world) one should explore languages used in major computer
    systems. Like it or not, in most large systems, the production code is
    COBOL.

    As I said before, I am a professional JAVA developer ... but I am sure
    glad that I started out with a more structured and human readable
    language. The future of COBOL, well you should have done some checking
    before popping that question (Object Oriented COBOL is the current
    version, and it is strongly supported.)

    I'm ready ... throw the next flaming arrow

    David J O'Neill
    Senior Systems Analyst
    State of Oregon
    Department of Human Services
    Office of Information Services
    PH# 503.378.2101 ext. 280
    email david.j.oneill@state.or.us

    >>> linux user <linuxteam@gmail.com> 02/11/05 05:12AM >>>
    I hope you are not kidding, the guy wants to learn a programming
    language that would benefit him in the security area not in the Legacy
    business area, Python or Ruby would teach him object oriented
    programming, and both do look readable and well structured

    if it was not a joke let us know what is the future of Cobol?

    On Thu, 10 Feb 2005 07:55:27 -0800, David J ONEILL
    <David.J.Oneill@state.or.us> wrote:
    > Having been a programmer/developer/systems analyst for the last 11
    > years, I feel that a lot of respondents are missing the boat. They have
    > forgotten one of the most structured languages still in existence: COBOL.
    > This language is available for PC platforms.
    >
    > I have programmed professionally in PC and Mainframe Assembler, BASIC,
    > Visual Basic, C, COBOL (with CICS, DB2, and IMS), REXX, and I currently
    > develop applications using Java.
    >
    > I would recommend starting with COBOL because it enforces structured
    > programming techniques. All data elements are strongly typed and must
    > be defined prior to being used (this forces the programmer to think
    > about what data they will be working with, instead of winging it as they
    > go along.) And COBOL encourages modularity and functional cohesiveness
    > in programming (each function of the program is placed in its own
    > procedure.)
    >
    > Object oriented techniques can even be used with COBOL (Classes are
    > translated to Nested Programs in COBOL.)
    >
    > One more benefit, COBOL was an early attempt to develop human readable
    > code. And today it still can be written in sentence and paragraph
    > form.
    >
    > My 3.5 cents worth :-)
    >
    > David J O'Neill
    > Senior Systems Analyst
    > State of Oregon
    > Department of Human Services
    > Office of Information Services
    > PH# 503.378.2101 ext. 280
    > email david.j.oneill@state.or.us
    >
    > >>> "David Gillett" <gillettdavid@fhda.edu> 02/09/05 03:17PM >>>
    > Since ontology frequently recapitulates philology, you might be well
    > advised to start with the assembly language for a common and reasonably
    > powerful architecture. Pay particular attention to stack management and
    > memory access controls. (An architecture that lacks them -- such as "real"
    > mode on the x86 family, is not sufficiently powerful, you need to include
    > at least one "protected" mode.)
    >
    > The next stop is C, with attention not merely to applications, but to
    > what kind of source code features get compiled to what kind of executable
    > code. Pay particular attention to automatic variables and to the "n versus
    > non-n" string routines, and to dynamic memory management.
    >
    > Most other common languages fall into three major categories:
    >
    > 1. Languages whose compilers implement features in the translation to
    >    executable form which parallel C in concept if not in detail.
    >    e.g. Pascal, FORTRAN.
    >
    > 2. Languages whose compilers implement features in the translation to
    >    executable form which parallel C in concept and in detail.
    >    e.g. C++, C#.
    >
    > 3. Languages which are processed to an intermediate form which serves
    >    as input to a run-time environment implemented in a language from
    >    one of the first two categories.
    >    e.g. VBASIC, Java.
    >
    > Many issues such as buffer overflows and some DoS vulnerabilities can be
    > traced to assumptions made by writers in something C-like that get discarded
    > in the translation to the binary executable. Familiarity with both sides of
    > this translation will be a major asset.
    >
    > David Gillett
    >
    > > -----Original Message-----
    > > From: dayz@planet.nl [mailto:dayz@planet.nl]
    > > Sent: Wednesday, February 09, 2005 12:17 AM
    > > To: security-basics@securityfocus.com
    > > Subject: Programming
    > >
    > >
    > > Hi,
    > >
    > > I want to begin with learning programming to increase my
    > > knowledge about security, but I don't know where to begin. Can
    > > someone tell me which programming language is good to start with,
    > > and perhaps what book and/or online guides I should take a look at?
    > > It would be nice that if I learn a programming language that it
    > > shouldn't be much work to understand another one.
    > >
    > > I am on Linux and Windows.
    > >
    > > Thanks for the help.
    > >
    > > Regards,
    > >
    > > Ben
    > >
    >
    >
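
An added example, not part of the thread: the "n versus non-n" string routines and automatic variables that David Gillett's quoted message above points to, shown with a fixed-size stack buffer. NAME_LEN, strncpy_terminated and copy_bounded are hypothetical names, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8  /* constructed buffer size for the demonstration */

/* The non-n routine, strcpy(dst, src), writes strlen(src)+1 bytes with no
 * regard for sizeof dst. The n routine, strncpy(), bounds the write but does
 * NOT add a terminator when src has NAME_LEN or more characters.
 * Returns 1 if the automatic buffer ended up NUL-terminated, 0 if not. */
int strncpy_terminated(const char *src)
{
    char dst[NAME_LEN];                 /* automatic (stack) variable */
    strncpy(dst, src, sizeof dst);      /* pads with NULs only if src is short */
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Bounded copy that always terminates and reports truncation.
 * Returns 0 on a full copy, 1 if src was truncated, -1 on bad arguments. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    int need = snprintf(dst, dstsz, "%s", src);  /* length src needs, sans NUL */
    if (need < 0)
        return -1;
    return (size_t)need >= dstsz;
}

int main(void)
{
    char name[NAME_LEN];
    /* constructed inputs: short, exactly buffer-sized, and oversized */
    const char *inputs[] = { "ben", "exactly8", "much-too-long-input" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int truncated = copy_bounded(name, sizeof name, inputs[i]);
        printf("%-20s strncpy terminated=%d  bounded=\"%s\" truncated=%d\n",
               inputs[i], strncpy_terminated(inputs[i]), name, truncated);
    }
    return 0;
}
```

The exactly-buffer-sized input is the case to watch: strncpy stays in bounds yet leaves an unterminated buffer, so a later strlen or printf on it reads past the end.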

