Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hands-On Ethical Hacking and Network Defense 2 nd edition Chapter 7 Programming for Security Professionals Last modified 9-29-10.

Published byBrian Robertson Modified over 9 years ago

Similar presentations

Presentation on theme: "Hands-On Ethical Hacking and Network Defense 2 nd edition Chapter 7 Programming for Security Professionals Last modified 9-29-10."— Presentation transcript:

1 Hands-On Ethical Hacking and Network Defense 2 nd edition Chapter 7 Programming for Security Professionals Last modified 9-29-10

2 2 Objectives Explain basic programming concepts Explain basic programming concepts Write a simple C program Write a simple C program Explain how Web pages are created with HTML Explain how Web pages are created with HTML Describe and create basic Perl programs Describe and create basic Perl programs Explain basic object-oriented programming concepts Explain basic object-oriented programming concepts

3 3 Introduction to Computer Programming Computer programmers must understand the rules of programming languages Computer programmers must understand the rules of programming languages Programmers deal with syntax errors Programmers deal with syntax errors One minor mistake and the program will not run One minor mistake and the program will not run Or worse, it will produce unpredictable results Or worse, it will produce unpredictable results Being a good programmer takes time and patience Being a good programmer takes time and patience

4 4 Computer Programming Fundamentals Fundamental concepts Fundamental concepts Branching, Looping, and Testing (BLT) Branching, Looping, and Testing (BLT) Documentation Documentation Function Function Mini program within a main program that carries out a task Mini program within a main program that carries out a task

5 5 Branching, Looping, and Testing (BLT) Branching Branching Takes you from one area of the program to another area Takes you from one area of the program to another area Looping Looping Act of performing a task over and over Act of performing a task over and over Testing Testing Verifies some condition and returns true or false Verifies some condition and returns true or false

6 6 A C Program Filename ends in.c It's hard to read at first A single missing semicolon can ruin a program

7 7Comments Comments make code easier to read

8 8 Branching and Testing main() scanf() printf() Diagram of branches See links Ch 7b, 7c

9 9Looping

10 10 Branching, Looping, and Testing (BLT) Algorithm Algorithm Defines steps for performing a task Defines steps for performing a task Keep it as simple as possible Keep it as simple as possible Bug Bug An error that causes unpredictable results An error that causes unpredictable results Pseudocode Pseudocode English-like language used to create the structure of a program English-like language used to create the structure of a program

11 11 Pseudocode For Shopping PurchaseIngredients Function Call GetCar Function Call DriveToStore Function Purchase Bacon, Bread, Tomatoes, Lettuce, and Mayonnaise End PurchaseIngredients Function

12 12 Documentation Documenting your work is essential Documenting your work is essential Add comments to your programs Add comments to your programs Comments should explain what you are doing Comments should explain what you are doing Many programmers find it time consuming and tedious Many programmers find it time consuming and tedious Helps others understand your work Helps others understand your work

13 13 Bugs Industry standard Industry standard 20 to 30 bugs for every 1000 lines of code (link Ch 7f) 20 to 30 bugs for every 1000 lines of code (link Ch 7f) Textbook claims a much smaller number without a source Textbook claims a much smaller number without a source Windows 2000 contains almost 50 million lines Windows 2000 contains almost 50 million lines And fewer than 60,000 bugs (about 1 per 1000 lines) And fewer than 60,000 bugs (about 1 per 1000 lines) See link Ch 7e for comments in the leaked Win 2000 source code See link Ch 7e for comments in the leaked Win 2000 source code Linux has 0.17 bugs per 1000 lines of code Linux has 0.17 bugs per 1000 lines of code (Link Ch 7f) (Link Ch 7f)

14 14 Learning the C Language Developed by Dennis Ritchie at Bell Laboratories in 1972 Developed by Dennis Ritchie at Bell Laboratories in 1972 Powerful and concise language Powerful and concise language UNIX was first written in assembly language and later rewritten in C UNIX was first written in assembly language and later rewritten in C C++ is an enhancement of the C language C++ is an enhancement of the C language C is powerful but dangerous C is powerful but dangerous Bugs can crash computers, and it's easy to leave security holes in the code Bugs can crash computers, and it's easy to leave security holes in the code

15 15 Assembly Language The binary language hard-wired into the processor is machine language The binary language hard-wired into the processor is machine language Assembly Language uses a combination of hexadecimal numbers and expressions Assembly Language uses a combination of hexadecimal numbers and expressions Very powerful but hard to use (Link Ch 7g) Very powerful but hard to use (Link Ch 7g)

16 16 Compiling C in Ubuntu Linux Compiler Compiler Converts a text-based program (source code) into executable or binary code Converts a text-based program (source code) into executable or binary code To prepare Ubuntu Linux for C programming, use this command: To prepare Ubuntu Linux for C programming, use this command: sudo apt-get install build-essential Then you compile a file named "program.c" with this command: Then you compile a file named "program.c" with this command: gcc program.c –o program.exe

17 17 Anatomy of a C Program The first computer program a C student learns "Hello, World!" The first computer program a C student learns "Hello, World!"

18 18 Comments Use /* and */ to comment large portions of text Use /* and */ to comment large portions of text Use // for one-line comments Use // for one-line comments

19 19 Include #include statement #include statement Loads libraries that hold the commands and functions used in your program Loads libraries that hold the commands and functions used in your program

20 20 Functions A Function Name is always followed by parentheses ( ) A Function Name is always followed by parentheses ( ) Curly Braces { } shows where a function begins and ends Curly Braces { } shows where a function begins and ends main() function main() function Every C program requires a main() function Every C program requires a main() function main() is where processing starts main() is where processing starts

21 21 Functions Functions can call other functions Functions can call other functions Parameters or arguments are optional Parameters or arguments are optional \n represents a line feed \n represents a line feed

22 22 Declaring Variables A variable represents a numeric or string value A variable represents a numeric or string value You must declare a variable before using it You must declare a variable before using it

23 23 Variable Types in C

24 24 Mathematical Operators The i++ in the example below adds one to the variable i The i++ in the example below adds one to the variable i

25 25 Mathematical Operators

26 26 Logical Operators The i<11 in the example below compares the variable i to 11 The i<11 in the example below compares the variable i to 11

27 27 Logical Operators

28 28 Demonstration: Buffer Overflow

29

30 Which of these items are essential parts of every programming language? A.Branching B.Looping C.Testing D.All of the above E.None of the above 30 1 of 5

31 Which of these items is the binary language built into the Pentium IV chip? A.Compiler B.Include C.Pseudocode D.Assembly Language E.Machine language 31 2 of 5

32 Which of these codes are used to insert comments into C programs? A.( ) B.{ } C.\n D./* */ E.#include 32 3 of 5

33 Which item is required in every C program? A. B./* */ C.#include D.main() E.None of the above 33 4 of 5

34 Which of these codes are used to insert library code into C programs? A.( ) B.{ } C.main D./* */ E.#include 34 5 of 5

35 35 Understanding HTML Basics HTML is a language used to create Web pages HTML is a language used to create Web pages HTML files are text files HTML files are text files Security professionals often need to examine Web pages Security professionals often need to examine Web pages Be able to recognize when something looks suspicious Be able to recognize when something looks suspicious

36 36 Creating a Web Page Using HTML Create HTML Web page in Notepad Create HTML Web page in Notepad View HTML Web page in a Web browser View HTML Web page in a Web browser HTML does not use branching, looping, or testing HTML does not use branching, looping, or testing HTML is a static formatting language HTML is a static formatting language Rather than a programming language Rather than a programming language symbols denote HTML tags symbols denote HTML tags Each tag has a matching closing tag Each tag has a matching closing tag and and

37 37

38 38

39 39

40 40 Understanding Practical Extraction and Report Language (Perl) PERL PERL Powerful scripting language Powerful scripting language Used to write scripts and programs for security professionals Used to write scripts and programs for security professionals

41 41 Background on Perl Developed by Larry Wall in 1987 Developed by Larry Wall in 1987 Can run on almost any platform Can run on almost any platform *NIX-base OSs already have Perl installed *NIX-base OSs already have Perl installed Perl syntax is similar to C Perl syntax is similar to C Hackers use Perl to write malware Hackers use Perl to write malware Security professionals use Perl to perform repetitive tasks and conduct security monitoring Security professionals use Perl to perform repetitive tasks and conduct security monitoring

42 42

43 43 Understanding the Basics of Perl perl –h command perl –h command Gives you a list of parameters used with perl Gives you a list of parameters used with perl

44 44

45 45 Understanding the BLT of Perl Some syntax rules Some syntax rules Keyword “sub” is used in front of function names Keyword “sub” is used in front of function names Variables begin with the $ character Variables begin with the $ character Comment lines begin with the # character Comment lines begin with the # character The & character is used when calling a function The & character is used when calling a function

46 46 Branching in Perl &speak; Calls the subroutine Calls the subroutine sub speak Defines the subroutine Defines the subroutine

47 47 For Loop in Perl For loop For loop

48 48 Testing Conditions in Perl

49 49 Understanding Object-Oriented Programming Concepts New programming paradigm New programming paradigm There are several languages that support object-oriented programming There are several languages that support object-oriented programming C++ C++ C# C# Java Java Perl 6.0 Perl 6.0 Object Cobol Object Cobol

50 50 Components of Object-Oriented Programming Classes Classes Structures that hold pieces of data and functions Structures that hold pieces of data and functions The :: symbol The :: symbol Used to separate the name of a class from a member function Used to separate the name of a class from a member function Example: Example: Employee::GetEmp() Employee::GetEmp()

51 51 Example of a Class in C++ class Employee {public: char firstname[25]; char lastname[25]; char PlaceOfBirth[30]; [code continues] }; void GetEmp() { // Perform tasks to get employee info [program code goes here] }

52 Ruby Example Metasploit is written in Ruby Metasploit is written in Ruby See link Ch 7u See link Ch 7u 52

53

54 Which of these is not a programming language? A.C B.C++ C.Java D.HTML E.Perl 54 1 of 5

55 Which of these languages is most commonly interpreted, rather than compiled? A.C B.C++ C.Java D.Perl E.None of the above 55 2 of 5

56 Which of these languages denotes variables with the $ character? A.C B.C++ C.Java D.HTML E.Perl 56 3 of 5

57 Which of these languages uses the :: symbol to indicate members of a class? A.C B.C++ C.Assembly Language D.HTML E.Perl 57 4 of 5

58 Which of these languages is primarily designed for file input and output? A.C B.C++ C.Assembly Language D.HTML E.Perl 58 5 of 5

Download ppt "Hands-On Ethical Hacking and Network Defense 2 nd edition Chapter 7 Programming for Security Professionals Last modified 9-29-10."

Similar presentations

Introducing JavaScript

Introducing JavaScript
 2005 Pearson Education, Inc. All rights reserved. 1 1 1 Introduction.

 2005 Pearson Education, Inc. All rights reserved Introduction.
Chapter 1: Introduction

Chapter 1: Introduction
Introduction to C Programming CE00312-1 Lecture 1 Introduction to C.

Introduction to C Programming CE Lecture 1 Introduction to C.
Working with JavaScript. 2 Objectives Introducing JavaScript Inserting JavaScript into a Web Page File Writing Output to the Web Page Working with Variables.

Working with JavaScript. 2 Objectives Introducing JavaScript Inserting JavaScript into a Web Page File Writing Output to the Web Page Working with Variables.
Computers: Tools for an Information Age

Computers: Tools for an Information Age
XP 1 Working with JavaScript Creating a Programmable Web Page for North Pole Novelties Tutorial 10.

XP 1 Working with JavaScript Creating a Programmable Web Page for North Pole Novelties Tutorial 10.
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
Starting Out with C++: Early Objects 5/e © 2006 Pearson Education. All Rights Reserved Starting Out with C++: Early Objects 5 th Edition Chapter 1 Introduction.

Starting Out with C++: Early Objects 5/e © 2006 Pearson Education. All Rights Reserved Starting Out with C++: Early Objects 5 th Edition Chapter 1 Introduction.
CMSC 104, Version 9/011 Introduction to C Topics Compilation Using the gcc Compiler The Anatomy of a C Program 104 C Programming Standards and Indentation.

CMSC 104, Version 9/011 Introduction to C Topics Compilation Using the gcc Compiler The Anatomy of a C Program 104 C Programming Standards and Indentation.
Programming Concepts and Languages Chapter 12 – Computers: Understanding Technology, 3 rd edition 1November 17. 2008.

Programming Concepts and Languages Chapter 12 – Computers: Understanding Technology, 3 rd edition 1November
CSE 1301 J Lecture 2 Intro to Java Programming Richard Gesick.

CSE 1301 J Lecture 2 Intro to Java Programming Richard Gesick.
Copyright 2003 Scott/Jones Publishing Brief Version of Starting Out with C++, 4th Edition Chapter 1 Introduction to Computers and Programming.

Copyright 2003 Scott/Jones Publishing Brief Version of Starting Out with C++, 4th Edition Chapter 1 Introduction to Computers and Programming.
© Paradigm Publishing Inc. 12-1 Chapter 12 Programming Concepts and Languages.

© Paradigm Publishing Inc Chapter 12 Programming Concepts and Languages.
Introducing Java.

Introducing Java.
Java Programming, 2E Introductory Concepts and Techniques Chapter 2 Creating a Java Application and Applet.

Java Programming, 2E Introductory Concepts and Techniques Chapter 2 Creating a Java Application and Applet.
A First Program Using C#

A First Program Using C#
Introduction to Java Appendix A. Appendix A: Introduction to Java2 Chapter Objectives To understand the essentials of object-oriented programming in Java.

Introduction to Java Appendix A. Appendix A: Introduction to Java2 Chapter Objectives To understand the essentials of object-oriented programming in Java.
Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 1: Introduction to Computers and Programming.

Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 1: Introduction to Computers and Programming.
Chapter 3: Completing the Problem- Solving Process and Getting Started with C++ Introduction to Programming with C++ Fourth Edition.

Chapter 3: Completing the Problem- Solving Process and Getting Started with C++ Introduction to Programming with C++ Fourth Edition.

Similar presentations

Ads by Google