Hands-On Ethical Hacking and Network Defense

  1. Hands-On Ethical Hacking and Network Defense Chapter 7 Programming for Security Professionals

  2. Objectives
     • Explain basic programming concepts
     • Write a simple C program
     • Explain how Web pages are created with HTML
     • Describe and create basic Perl programs
     • Explain basic object-oriented programming concepts

  3. Introduction to Computer Programming
     • Computer programmers must understand the rules of programming languages
     • Programmers deal with syntax errors
       • One minor mistake and the program will not run
       • Or worse, it will produce unpredictable results
     • Being a good programmer takes time and patience

  4. Computer Programming Fundamentals
     • Fundamental concepts
       • Branching, Looping, and Testing (BLT)
       • Documentation

  5. Branching, Looping, and Testing (BLT)
     • Function
       • Mini program within a main program that carries out a task
     • Branching
       • Takes you from one area of the program to another area
     • Looping
       • Act of performing a task over and over
     • Testing
       • Verifies some condition and returns true or false

  6. Branching, Looping, and Testing (BLT) (continued)

         #include <stdio.h>

         void GetOut(void)             /* Do something interesting here */
         {
             int a;
             for (a = 1; a < 11; a++)  /* Loop to print 10 times */
             {
                 printf("I'm in the GetOut() function");
             }
         }

         int main(void)
         {
             int a = 1;   /* Variable initialized as an integer, value 1 */
             if (a > 2)   /* Testing if "a" is greater than 2 */
                 printf("A is greater than 2");
             else
                 GetOut(); /* Branching--calling a different function */
             return 0;
         }

  7. Branching, Looping, and Testing (BLT)
     • Algorithm
       • Defines steps for performing a task
       • Keep it as simple as possible
     • Bug
       • An error that causes unpredictable results
     • Pseudocode
       • English-like language used to create the structure of a program

  8. Documentation
     • Documenting your work is essential
     • Add comments to your programs
     • Comments should explain what you are doing
     • Many programmers find it time consuming and tedious
     • Helps others understand your work
     • Industry standard
       • One bug for every 2000 lines of code
       • Windows 2000 contains almost 50 million lines
         • And fewer than 60,000 bugs

  9. Documentation (continued)

         // The following function was added to the program June 15, 2005
         // per a request from the Marketing Department.
         // It appears that reports generated by the sales() function were
         // not giving the Marketing folks information about the sales in
         // Asia. This new function now uses data from text files from the
         // offices in Tokyo and Hong Kong. – Bob C. Twins

  10. Learning the C Language
     • Developed by Dennis Ritchie at Bell Laboratories in 1972
     • Powerful and concise language
     • UNIX was first written in assembly language and later rewritten in C
     • Assembly language
       • Uses a combination of hexadecimal numbers and expressions
     • C++
       • An enhancement of the C language

  11. Learning the C Language (continued)
     • Compiler
       • Converts a text-based program (source code) into executable or binary code
       • Some C compilers can also create executable programs in C++

  13. Anatomy of a C Program
     • The first computer program a C student learns

         /* The famous "Hello, world!" C program */
         #include <stdio.h>  /* Load the standard IO library. The library contains
                                functions your C program might need to call to
                                perform various tasks. */
         int main(void)
         {
             printf("Hello, world!\n\n");
             return 0;
         }

  14. Anatomy of a C Program (continued)
     • Use /* and */ to comment large portions of text
     • Use // for one-line comments
     • #include statement
       • Loads libraries that hold the commands and functions used in your program
     • Parentheses in C mean you are dealing with functions
     • main() function
       • Every C program requires a main() function

  15. Anatomy of a C Program (continued)
     • Braces show where a function begins and ends
     • Functions can call other functions
       • Parameters or arguments are optional
     • \n represents a line feed

  17. Declaring Variables
     • A variable represents a numeric or string value
     • You can declare variables at the beginning of a program
     • You must declare a variable before using it
     • C supports several variable types
     • Conversion specifiers tell the compiler how to convert the values in a function

  20. Declaring Variables (continued)
     • Operators
       • Compare values
       • Perform mathematical calculations
     • Types
       • Mathematical operators
       • Logical operators

  23. Branching, Looping, and Testing in C
     • Branching

         void prompt(void)    { /* code for prompt() function goes here */ }
         void display(void)   { /* code for display() function goes here */ }
         void calculate(void) { /* etc. */ }
         void cleanup(void)   { /* etc. */ }

         int main(void)
         {
             prompt();    //Call function to prompt user with a question
             display();   //Call function to display graphics on screen
             calculate(); //Call function to do complicated math
             cleanup();   //Call function to make all variables equal to
                          //zero
             return 0;
         }

  24. Branching, Looping, and Testing in C (continued)
     • While loop

         #include <stdio.h>

         int main(void)
         {
             int counter = 1;       //Initialize counter variable
             while (counter <= 10)  //Do what's in the brackets until false
             {
                 printf("Counter is equal to %d\n", counter);
                 ++counter;         //Increment counter by 1
             }
             return 0;
         }

  26. Branching, Looping, and Testing in C (continued)
     • Do loop

         #include <stdio.h>

         int main(void)
         {
             int counter = 1;         //Initialize counter variable
             do
             {
                 printf("Counter is equal to %d\n", counter);
                 ++counter;           //Increment counter by 1
             } while (counter <= 10); //Do what's in the brackets until
                                      //false
             return 0;
         }

     • For loop

  28. Understanding HTML Basics
     • HTML is a language used to create Web pages
     • HTML files are text files
     • Security professionals often need to examine Web pages
       • Be able to recognize when something looks suspicious

  29. Creating a Web Page Using HTML
     • Create HTML Web page in Notepad
     • View HTML Web page in a Web browser
     • HTML does not use branching, looping, or testing
     • HTML is a static formatting language
       • Rather than a programming language
     • < and > symbols denote HTML tags
       • Each tag has a matching closing tag
       • <HTML> and </HTML>

  33. Understanding Practical Extraction and Report Language (Perl)
     • PERL
       • Powerful scripting language
       • Used to write scripts and programs for security professionals

  34. Background on Perl
     • Developed by Larry Wall in 1987
     • Can run on almost any platform
       • *NIX-based OSs already have Perl installed
     • Perl syntax is similar to C
     • Hackers use Perl to write malware
     • Security professionals use Perl to perform repetitive tasks and conduct security monitoring

  38. Understanding the Basics of Perl
     • perl -h command
       • Gives you a list of parameters used with perl
     • perldoc
       • Displays the description of a perl scripting command

  42. Understanding the BLT of Perl
     • Some syntax rules
       • Keyword “sub” is used in front of function names
       • Variables begin with the $ character
       • Comment lines begin with the # character
       • The & character indicates a function

  43. Branching in Perl

         # Perl program illustrating the branching function
         # Documentation is important
         # Initialize variables
         $first_name = "Jimi";
         $last_name = "Hendrix";
         &name_best_guitarist;
         sub name_best_guitarist
         {
             printf "%s %s %s", $first_name, $last_name, "was the best guitarist!";
         }

  44. Looping in Perl
     • For loop

         for ($a = 1; $a <= 10; $a++)
         {
             print "Hello security testers!\n";
         }

     • While loop

         $a = 1;
         while ($a <= 10)
         {
             print "Hello security testers!\n";
             $a++;
         }

  45. Testing Conditions in Perl

         if (($age > 12) && ($age < 20))
         {
             print "You must be a know-it-all!";
         }
         elsif ($age > 39)
         {
             print "You must lie about your age!";
         }
         else
         {
             print "To be young...";
         }

  46. Testing Conditions in Perl (continued)

         unless ($age == 100)
         {
             print "Still enough time to get a bachelor's degree.";
         }
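
The slides say security professionals use Perl for repetitive tasks and security monitoring; the script below is an added example, not from the original slides or the textbook, that combines the branching, looping and testing constructs above to count failed logins per source address. The log format, the sample lines, the threshold of 3 and the sub name count_failures are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added example: flag source addresses with repeated failed logins.
use strict;
use warnings;

my $threshold = 3;    # assumed alert threshold for this example

# Constructed sample lines in an sshd-like format (not real log data).
my @log_lines = (
    "Jan 10 03:12:01 host sshd[811]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "Jan 10 03:12:04 host sshd[811]: Failed password for root from 192.0.2.10 port 4023 ssh2",
    "Jan 10 03:12:09 host sshd[811]: Failed password for invalid user test from 192.0.2.10 port 4024 ssh2",
    "Jan 10 03:15:40 host sshd[902]: Accepted password for alice from 198.51.100.7 port 5101 ssh2",
    "Jan 10 03:20:11 host sshd[950]: Failed password for bob from 198.51.100.23 port 6200 ssh2",
);

# Branching: hand the counting to a function, called with & as on the slides.
my %failures = &count_failures(@log_lines);

# Looping and testing: walk the results and classify each source address.
for my $ip (sort keys %failures) {
    if ($failures{$ip} >= $threshold) {
        printf "ALERT %s: %d failed logins\n", $ip, $failures{$ip};
    } else {
        printf "note  %s: %d failed login(s)\n", $ip, $failures{$ip};
    }
}

# Hypothetical helper: returns a hash of source address => failure count.
sub count_failures {
    my @lines = @_;
    my %count;
    for my $line (@lines) {
        # Testing: skip every line that is not a failed-password record.
        next unless $line =~ /Failed password for (?:invalid user )?\S+ from (\S+)/;
        $count{$1}++;
    }
    return %count;
}
```

To monitor a real system, replace the constructed @log_lines array with lines read from the authentication log and adjust the pattern to that log's format.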

  48. Understanding Object-Oriented Programming Concepts
     • New programming paradigm
     • There are several languages that support object-oriented programming
       • C++
       • C#
       • Java
       • Perl 6.0
       • Object Cobol

  49. Components of Object-Oriented Programming
     • Classes
       • Structures that hold pieces of data and functions
     • The :: symbol
       • Used to separate the name of a class from a member function
       • Example:
         • Employee::GetEmp()

  50. Components of Object-Oriented Programming (continued)

         // This is a class called Employee created in C++
         class Employee
         {
         public:
             char firstname[25];
             char lastname[25];
             char PlaceOfBirth[30];
             // [code continues]
         };

         void GetEmp()
         {
             // Perform tasks to get employee info
             // [program code goes here]
         }