1. Programming For Security Professionals March 23, 2010 MIS 4600 – MBA 5880 - © Abdou Illia

2. Objectives  Explain basic programming concepts  Write a simple C program  Describe and create basic Perl programs 2

3. Intro to Computer Programming  Effective security professionals must understand the rules of programming languages  In particular programming languages used in attack codes (C, Perl, HTML, etc.)  Minor mistakes in programs may  Make the programs produce unpredictable results  Create holes that lead to security breaches  Being a good programmer takes time and patience 3

4. Programming Fundamentals  Branching, Looping, and Testing (BLT)  Most programming languages have a way to…  branch, i.e. to connect one area of the program to another  loop; i.e. to perform a task over and over  test conditions; i.e. to verify some condition and returns true or false 4 Start Open file.c string name; int age Do until end_of_file If (Age < 21) Go to PrintMessage1 (age) Else Go to PrintMessage2 (age) Next PrintMessage1 () Print Name, “At age”, age, “you’re not allowed to enter the club” PrintMessage2 () Print Name, “At age”, age, “you’re allowed to enter the club” End Branching File.c NameAge John Doe43 Lisa Ulm20 Luis Perrez25 Catherine Coy18 Vicky Ilrich21 John Glady56 Cory Hart45 Luc Zacky22 Testing Looping

5. Programming Fundamentals (cont.)  Function – a mini program within a main program that carries out a task  Example: PrintMessage1()  Algorithm - defines steps for performing a task  Pseudocode - English-like language used to create the structure of a program 5 File.c NameAge John Doe43 Lisa Ulm20 Luis Perrez25 Catherine Coy18 Vicky Ilrich21 John Glady56 Cory Hart45 Luc Zacky22 Looping Start Open file.c string name; int age Do until end_of_file If (Age < 21) Go to PrintMessage1 (age) Else Go to PrintMessage2 (age) Next PrintMessage1 () Print Name, “At age”, age, “you’re not allowed to enter the club” PrintMessage2 () Print Name, “At age”, age, “you’re allowed to enter the club” End Pseudocode

6. Program documentation  Documenting a program is  Adding comments that help others understand  Added comments should explain what the code is supposed to do  Many programmers find it time consuming and tedious  Examples of comments in a program written in C // The following function was added to the program June 15, 2005 // This new function called PrinRoutine prints a message 10 times PrintRoutine() /* This starts the function */ { for(a=1; a<11; a++) /* Loop to print 10 times */ { printf (“This is line”, a);} } 6

7. Learning the C Language  Developed by Dennis Ritchie at Bell Laboratories in 1972  Powerful and concise language  UNIX was first written in assembly language and later rewritten in C  Assembly language  Uses a combination of hexadecimal numbers and expressions  C++  An enhancement of the C language 7

8. Learning the C Language (cont.)  Compiler  Converts a text-based program (source code) into executable or binary code  Some C compilers can also create executable programs in C++ 8 English Machine Language Programming languages Compilers

9. 9 9 Learning the C Language (cont.)

10. Anatomy of a C Program  The first computer program a C student learns /* The famous "Hello, world!" C program */ #include /* Load the standard IO library. The library contains functions your C program might need to call to perform various tasks. */ main() { printf("Hello, world!\n\n"); } 10

11. Anatomy of a C Program (cont.)  Use /* and */ to comment large portions of text  Use // for one-line comments  #include statement  Loads libraries that hold the commands and functions used in your program  Parentheses in C mean you are dealing with functions. Example: printf("Hello, world!\n")  main() function  Every C program requires a main() function 11

12. Anatomy of a C Program (cont.)  Braces shows where a function begins { and ends }  Functions can call other functions  Parameters or arguments are optional  \n represents a line feed 12

13. Declaring Variables  A variable represents a numeric or string value  You can declare variables at the beginning of a program  You must declare a variable before using it  C supports several variable types  Conversion specifiers tells the compiler how to convert the values in a function 13 main() { int counter = 1; // Declare and initialize counter variable string name // Declare the name variable as of string type If (counter <= 10) // test a condition { printf (“The counter is less than or equal to 10"; }

14. 14  C supports several variable types  Conversion specifiers tells the compiler how to convert the values in a function  Example: printf ("Counter is equal to %d\n", counter); Declaring Variables

15. Declaring Variables (continued)  Operators - compare values and perform mathematical calculations  Types  Mathematical operators  Logical operators 15

16. 16

17. BLT in C  While loop main() { int counter = 1; //Initialize counter variable while (counter <= 10) //Do what's in the brackets until false { printf("Counter is equal to %d\n", counter); ++counter; //Increment counter by 1; } 17

18. BLT in C (continued)  Do … While loop main() { int counter = 1; //Initialize counter variable do { printf("Counter is equal to %d\n", counter); ++counter; //Increment counter by 1 } while (counter <= 10); //Do what's in the brackets until //false }  For loop 18

19. 19  For loop BLT in C (continued)

20. Understanding Practical Extraction and Report Language (Perl)  Powerful scripting language  Developed by Larry Wall in 1987  Can run on almost any platform  *NIX-base OSs (including Mac OS X) already have Perl installed  Type perl –v at command line to find out the version installed  Perl syntax is similar to C  Hackers use Perl to write malware  Security professionals use Perl to perform repetitive tasks and conduct security monitoring 20

21. 21

22. Understanding the Basics of Perl  perl –h command  Gives you a list of parameters used with perl  perldoc  Displays the description of a perl scripting command 22

23. 23

24. 24

25. Understanding the BLT of Perl  Some syntax rules  Keyword “sub” is used in front of function names  Variables begin with the $ character  Comment lines begin with the # character  The & character indicates a function 25

26. Branching in Perl # Perl program illustrating the branching function # Documentation is important # Initialize variables $first_name = "Jimi"; $last_name = "Hendrix"; &name_best_guitarist; sub name_best_guitarist { printf "%s %s %s", $first_name, $last_name, "was the best guitarist!"; } 26

27. Looping in Perl  For loop for ($a = 1; $a <= 10; $a++) { print "Hello security testers!\n" }  While loop $a = 1; while ($a <=10) { print "Hello security testers!\n"; $a++ } 27

28. Testing Conditions in Perl if (($age > 12) && ($age < 20)) { print "You must be a know-it-all!"; } elsif ($age > 39) { print "You must lie about your age!"; } else { print "To be young..."; } 28

29. Testing Conditions in Perl (cont.) unless ($age == 100) { print "Still enough time to get a bachelor's degree."; } 29

30. 30

31. Understanding Object-Oriented Programming Concepts  New programming paradigm  There are several languages that support object-oriented programming  C++  C#  Java  Perl 6.0  Object Cobol 31

32. Components of Object-Oriented Programming  Classes  Structures that hold pieces of data and functions  The :: symbol  Used to separate the name of a class from a member function  Example:  Employee::GetEmp() 32

33. Components of Object-Oriented Programming (continued) // This is a class called Employee created in C++ class Employee { public: char firstname[25]; char lastname[25]; char PlaceOfBirth[30]; [code continues] }; void GetEmp() { // Perform tasks to get employee info [program code goes here] } 33