0

I'm in the process of considering which programming languages I should devote the majority of my coding studies to. I'm a 2nd year CS student, majoring in IT security.

What I want to do/work with:

  • Intelligence gathering
  • Relational databases
  • Virus design
  • Snort network IPS

Current coding experience (what I'm going to keep):

  • Java - intermediate
  • HTML5 - intermediate
  • SQL (MySQL, Oracle 11g) - basic
  • BASH - basic

I'm going to need to learn (at least) one of the following languages in order to be successful in my field.

Languages to add (at least 1):

  • Ruby (+Metasploit)
  • C++ (virus design, low-level driver interaction, computationally intensive applications)
  • Python (import ALL the things)

My dilemma: If I diversify too broadly, I won't be able to focus on, and improve in a specific niche. Does anyone have any advice as to how I should select a language?

What I'm considering + why

  • I'm leaning towards Ruby because of Metasploit support, despite lower efficiency when compared to Python.

Any suggestions based on real-world experience? Should I focus on Ruby, Python, or C++? Both Ruby, and Python have been regarded as syntactically similar to Java which my degree is based around. I'm going to be studying C++ in two years as a component of my malicious code class.

Thanks, Tyler

Tyler
  • 179
  • 6
  • 1
    StackExchange has a strict set of guidelines as to what kind of questions are allowed here - only questions with definitive and objective answers are accepted. Unfortunately, your question is too localised and will be unlikely to help future users. Furthermore, the answer is subjective - it entirely depends on your country, circumstances, personal preferences, etc. As such, this question will likely be closed. For more information, please see the [FAQ](http://security.stackexchange.com/faq). – Polynomial Oct 01 '12 at 07:33
  • As a side note - for general advice like this, come [join us in chat](http://chat.stackexchange.com/rooms/151/the-dmz). – Polynomial Oct 01 '12 at 07:35
  • This question may help you in getting your answer: http://security.stackexchange.com/a/11739/294 – Chris Dale Oct 01 '12 at 10:40

1 Answers1

2

If you want to learn about virus design, you will need some knowledge of assembly -- preferably for at least two or three distinct architectures (x86 is already two architectures, with the 32-bit and 64-bit modes; add ARM, Mips or PowerPC to that and you'll be all set). C++ is nowhere near low-level enough for that.

If you know assembly, you can grasp how C works (and why it works that way), and at that point all other languages become easy. And then you understand that the specific programming language is an illusion; it is not very important for security -- the concepts are important. Programming languages are just a way to express these concepts. The more languages you know, the less you will be distracted by the peculiarities of any particular language.

Thomas Pornin
  • 320,799
  • 57
  • 780
  • 949
  • Thomas I would agree with your statements. Infact if you know x86 assembly well enough you can read the assembly code that C and C++ compilers generate in most cases. You could expand this knowlege into pretty much any platform once you know the assembly language for the platform well enough. This is how many of the Wii firmware modifications were developed. I only used that as an example because of the exploit in some of the release day games the Wii had that allowed the firmware to be patched. – Ramhound Oct 02 '12 at 12:24