why?? does every one say this and that.
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: why?? does every one say this and that.

  1. #1
    Junior Member
    Join Date
    Sep 2004
    Posts
    26

    why?? does every one say this and that.

    Every one sayes to be in to computer Security you have to know programming.. is this true.
    is this a dream

  2. #2
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    No it is not true. Programming would help, but you can be good at computer security without knowing how to program. Having a general Idea about it would be a good Idea.

    Computer Security is very broad and it could be anything from a simple admin, to a penetration tester, to a forensics analyst..etc etc.

  3. #3
    Senior Member
    Join Date
    May 2004
    Posts
    519
    well everything starts at its foundations .. and the foundation for a secure program is secure programming

    its more of a bonus i guess, great if you can but bypassable if you cant

  4. #4
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    well everything starts at its foundations .. and the foundation for a secure program is secure programming
    Somewhat true ....that is if you want to secure a program....but what good does that do to you if you're trying to secure a computer from malware and hackers? Yes you can argue that hackers exploit an insecure program, but there's much more than that into computer security.

    Programming is a good Idea, and it can open you more doors for employment and make you a bigger asset to a company, but it doesn't mean you "have to" know how to program in a particular language to be good at computer security.

  5. #5
    Senior Member
    Join Date
    May 2004
    Posts
    519
    i agree with you cybr1d i wasnt trying to imply that you have to know it or do it .. just saying it helps

  6. #6
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    if you pursue the hard core hands on security analysis & dissecting of malicious programs ( al la www.sans.org), programming knowledge will come in very handy.

    the exploits i have worked on have usually been very simple stuff starting up from vaious batch files, exe's and registry entries buried all over a windows OS & NOS.

    but - thats the easy ones. where the intruder does not go into great lengths to hide themsleves and what they did.

    the more experienced guys tell me that there are much more complex and sophosotocated intrusions where it's very difficult to diagnose because intruder went into great effort to hide. i have not worked or seen a system with that compromise yet. but i hear it's much more challenging that the stuff i worked on.
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    \"Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?\"

  7. #7
    Banned
    Join Date
    Sep 2004
    Posts
    145
    The key to computer security, for both sides, is understandinghow the system works at its most basic levels. Programming experience helps, but it is not necessary. The thing is, when you are a programmer, you tend to understand software/OS interactions at a more basic level.

    secure_lockdown, there is nothing wrong or less advanced (figuratively speaking) about a script based attack. Many of the "best" exploits are nothing more than scripts.

  8. #8
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729
    yea like everyone is saying its helpfull but not required...i say learn it anyway.....give you a chance to broaden your mind and learn more....
    work it harder, make it better, do it faster, makes us stronger

  9. #9
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    As mentioned, it all goes down to the definition of "computer security expert" and/or
    you interests. Vulnerabilities as one example: Are you interested in exploiting vulnerabilites
    that have been found (which is in principle possible without knowing programming,
    however a bit of bashing is needed), or are you interested in finding new vulnerabilities.
    The latter is difficult even if you have the source code (C/C++, [VB] mostly), and more difficult
    if you haven't it (The knowledge of assembler then is a must. BTW: You can learn a
    lot by comparing patched with unpatched systems ie dll, so, exe).
    Another example: If you are interested in designing "secure" network topologies and/or
    company process policies, you should know some RFCs, you have to understand the principles
    of the OSs used in the company etc., hence progamming knowledge is not needed
    necessariliy.

    I recommend for a beginning: C/C++
    If you are interested in assembler, I recommend nasm[1]. I would not start by putting
    Assembler code into a C/C++ framework, since gcc (at least it was like that) understands
    At&T syntax only, while usually assemblers are Intel syntax based.


    But anyway: I agree with hexadecimal
    yea like everyone is saying its helpfull but not required...i say learn it anyway.....give you a chance to broaden your mind and learn more....

    [1] http://sourceforge.net/projects/nasm
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  10. #10
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    The fundamental answer has to be "no" as you said that the context was "SECURITY"

    Security implies denial of access/attack?................programming is irrelevant in that context...........they can write them in all sorts of languages.........as already implied, I think that the real question has to be what area of security are you thinking of?

    My thoughts
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •