Scripting and Security
For me scripting and programming have never really come easily. It is something that I need to work on, and continue to work at. Programming though, is something that I have pretty much given up on due to a lack of time. Scripting however is something that I force myself to keep picking at. The sheer versatility of being able to write scripts in PERL, Python or other such language cannot be stressed enough for the security professional. Actually I wrote a two part series on it that you may wish to give a read. It gives a pretty good example of just how versatile a tool, scripting can be. What I plan on doing in the short term is to try and devote an hour a day to scripting. A lofty goal I am sure, but one I will strive to attain. What about you guys, any preferred language?
b0ne Says:
July 26th, 2007 at 7:54 pm
I would disagree that you have given up on programming.
The difference between “programming” and scripting is really a semantic argument with respect to perl and python. Perhaps if you were using a shell script I would agree.
To mirror the perl functionality in your nice article using the C “programming” language, I only needed to do one extra step; delcare variables.
gcc.exe -o findIP.exe programming_example.c
programming_example.c:
#include
int main(int argc, char *argv[])
{
FILE *in;
FILE *out;
char line[1024];
char match[] = “192.168.1.102″;
if ((in = fopen(argv[1],”r”)) == NULL) {
printf(”err - could not open input %s\n”,argv[1]);
return 1;
}
if ((out = fopen(”articleoutput”,”w”)) == NULL) {
printf(”err - could not open output file %s\ns”,”articleoutput”);
return 1;
}
while (fgets(line, 1024, in) != NULL) {
if (strstr(line,match))
fprintf(out,line,”%s\n”);
}
fclose(in);
fclose(out);
return 0;
}
Don Parker Says:
July 27th, 2007 at 5:23 am
Hi b0ne,
I would agree with you that it is largely semantics in regards to the difference between programming and scripting. It has always been enjoyable the times that I have studied C in an effort to further my skills in it. At times an infuriating challenge, but that is what makes it fun
In my case I think I need to go to a brick and mortar school and take a formal class. Though it is pretty much impossible to find a course in C nowadays as everything is object oriented in the guise of Java and C++.
All that said, I would say though that scripting is the more important skill to have for a network security professional. Would you agree? Reason being is that it is unlikely that one would have to write an app from scratch to perform a function that could likely also be mirrored in PERL or Python. Your thoughts?
Thanks for taking the time to write,
Don
b0ne Says:
July 27th, 2007 at 9:43 am
I generally agree that it is a great asset to posses as a security professional, noting some dependency on the type of work you’re doing.
As your utility gets more complicated to implement, the “just get it done” productivity gains of the dynamic languages like perl, python, and ruby can be a large boon.
Also noteworthy, if your code is used on a daily basis or is iterated through thousands of times, the time saved implementing in dynamic code vs. waiting for it to finish executing can be substantial.
For a malware researcher / binary analyst though, it is highly beneficial to have a baseline understanding of such a fundamental and relatively simple language like C. It greatly increases your understand of the more complicated aspects of operating systems and their security.
I recently read an excellent book on C. It will help anyone who wants to develop a really thorough understanding of the core language. I recommend “Beginning C: From Novice to Professional” By Ivor Horton / Apress.
You can actually preview entire book here: http://books.google.com/books?q=beginning+c+from+n...sional
Don Parker Says:
August 9th, 2007 at 8:32 am
I will have to take a look at the book on C that you referenced. Indeed if speed is a prime consideration then writing it in C or C++ is likely best.
Salut!
Don