Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Programming

from [David J ONEILL] Network Security [Permanent Link]
Subject: RE: Programming
Date: Tue, 15 Feb 2005 07:25:18 -0800 
I'll grant you that ... but you must admit that some languages are less
tolerant to bad habits than others.

Boy, am I sorry I mentioned COBOL ... I mean what were the designers of
this language thinking.  Imagine the nerve of someone developing a human
readable language that also helps to reinforce the use of good
programming techniques.

;-)

David J O'Neill
Senior Systems Analyst
State of Oregon
Department of Human Services
Office of Information Services
PH# 503.378.2101 ext. 280
email david.j.oneill@state.or.us


"Ernest Nelson" <juridian@juridian.com> 02/14/05 01:16PM >>>

Most languages don't teach bad habits, bad references and teachers do. 
You
can learn to write bad cobol just as easily as you can learn bad perl,
c, or
vb.

"The Practice of Programming" is a good place to start learning how to
write
better code.  -
http://www.amazon.com/exec/obidos/tg/detail/-/020161586X/qid=1108415608/sr=8

-1/ref=pd_bbs_1/104-3983269-4991158?v=glance&s=books&n=507846



-----Original Message-----
From: David J ONEILL [mailto:David.J.Oneill@state.or.us] 
Sent: Friday, February 11, 2005 2:51 PM
To: security-basics@securityfocus.com 
Subject: Re: Programming

Sorry, my understand was that the "guy" wanted to learn a language the
would help him see the security pitfalls in programming production
code
... if I was wrong, my mistake.  So, no I was not joking.

The problem with "modern languages" (Java, C#, Python, Ruby, VBScript,
...) is that they do not enforce any structured programming techniques.

They let the developer write the code any way they want, which install
real bad habits (like redefining a data element into whatever data
type
fits as many times as they want ... just try tracing a program written
like this.)  If you want to know what kind of security vulnerabilities
exist in the real world of professional programming (as opposed to the
script kiddy world) one should explore languages used in major
computer
systems.  Like it or not, in most large systems, the production code
is
COBOL.

As I said before, I am a professional JAVA developer ... but I am sure
glad that I started out with a more structured and human readable
language.  The future of COBOL, well you should have done some
checking
before popping that question (Object Oriented COBOL is the current
version, and it is strongly supported.)

I'm ready ... throw the next flaming arrow

David J O'Neill
Senior Systems Analyst
State of Oregon
Department of Human Services
Office of Information Services
PH# 503.378.2101 ext. 280
email david.j.oneill@state.or.us
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Hidden windows ports, files and services., Alex Yan
Next by Date:  Re: CISSP without experience, Ivan Coric
Previous by Thread:  RE: Programming, David J ONEILL
Next by Thread:  Re: Programming, aixroot
Indexes:  [Date] [Thread] [Top] [All Lists]