Results 1 to 7 of 7

Thread: C/C++ vs Java

Hybrid View

  1. #1
    Senior Member
    Join Date
    Jan 2010
    Posts
    107

    Default C/C++ vs Java

    Hi!

    I know this questions is not part of backtrack but it's pentesting related:

    I got a job offer working as programmer in java, but I'm confused about how would this help my career.

    My career plan is to work ~3 years in programming(in parallel to work on CCNA, some entry level pentesting), another ~2years in network programming( to have programming expertise in networking, maybe to develop some CCNP skills, take advanced Offensive Security certifications), another ~ 2years in some ASM( not necessary only ASM, but to have a some expertise in it), after this, a job in pentesting/security.

    I think (for me) this is the right path to work in pentesting&security.

    I don't know for sure, but my guess is that the most important programming languages in pentesting would be C/C++,ASM,Perl/Python/Ruby + web development, but it's just a guess. How could Java help me? Is there a great demand in Java as security expert? Greater than the others mentioned above?

    I'm interested what the senior developers would say about this. I really want to hear some thoughts from those who work in the field and have senior experience in this. However I won't disregard the opinions on those who are only at the beginning of the road.



    Best Regards
    Last edited by erhardm; 05-26-2011 at 03:01 PM.
    Great minds have purposes, others have wishes

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: C/C++ vs Java

    IMHO it's irrelevant. If you can code in Java you can code is most relevant modern languages.

    A loop is a loop is a loop, the syntax may very slightly from language to language but basically they all boil it down to start here (a), go here (z), and optionally increment by something (m), stop when here (z) is reached or exceeded (or whatever necessary condition is met).

    The nitty gritty differences in inheritance, polymorphism, garbage collection, syntax etc can be picked up really quickly once you realize that it's almost all the same.

    No single language is going to make or break your pen testing career, the thing that's important is understanding how to design things logically and robustly.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Senior Member
    Join Date
    Jan 2010
    Posts
    107

    Default Re: C/C++ vs Java

    Quote Originally Posted by thorin View Post
    IMHO it's irrelevant. If you can code in Java you can code is most relevant modern languages.
    My opinion is that if you code Java for n years you can't get a job in C/C++ as senior developer. It would be a step back for your career because you won't have the same expertise. This concerns me. I have to pick wisely the main programming language(of course you won't know only one programming language), where I should work, so I could gain experience and use that in penetration testing.

    Regards
    Great minds have purposes, others have wishes

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: C/C++ vs Java

    Quote Originally Posted by erhardm View Post
    My opinion is that if you code Java for n years you can't get a job in C/C++ as senior developer.
    True however pentester != senior developer.

    Seems like you need to decide what you actually want to do with your career.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Senior Member
    Join Date
    Jan 2010
    Posts
    107

    Default Re: C/C++ vs Java

    Quote Originally Posted by thorin View Post
    True however pentester != senior developer.
    I think it's more like pentester > senior developer.
    You have to know as much as possible of the inner workings of the applications you want to exploit & inner workings of techniques you use to exploit. In house pentester has to know more than the developer, he has to provide a patch to a problem(something that the developer didn't considered it being a problem before the assessment, hence he implemented it in that way). Blind penetration testing would also imply knowing the inner workings as much as possible to choose the right tools or develop new ones if needed.

    Back to my original question, how would Java influence my future pentester career? Would it be better to be (mainly) a C/C++ developer?


    Regards
    Last edited by erhardm; 05-26-2011 at 05:24 PM.
    Great minds have purposes, others have wishes

  6. #6
    Member
    Join Date
    May 2011
    Location
    Israel
    Posts
    74

    Default Re: C/C++ vs Java

    How CCNP can be related to network programming?.My advice is do not spend money on entry-level Cisco certs, instead purchase some CCIE level books about the networking concepts like :switching ,routing , mpls.
    Great books about the topics mentioned above are: TCP/IP Illustrated , Routing TCP/IP , Cisco LAN Switching.Learn those concepts to gain knowledge also read RFC's.
    Next study Windows internals , network stack , NDIS driver stack, also learn some debugging and API dissasembling.Do not forget that professional pentester knowledge is based on the theory of Operating System internal architecture.
    Regarding programming languages if your path is to write exploits learn x86 assembly language , read Intel processor manuals, study hard C language.
    I would also recommend linux books about the kernel and networking.

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: C/C++ vs Java

    Yes and no (mostly no....IMHO).

    You'll never be able to know more than the developer unless you're talking about becoming a software tester for a specific company/product (which again isn't really a pen tester). Your job as a pen tester (contracted to 3rd parties or other groups within an organization or Gov't department) is to know or come up with things your client's Sr developer(s) didn't.

    There is no guarantee that your target will be coded in C, C++, Java, Python, Ruby, etc hence you need to be a jack of all trades....which leads to being a master of none. Well really you need to be a master of thinking outside the box.

    As a pen tester you shouldn't have to provide code fixes. You should simply have to say the target you assessed failed in this way when subjected to this type of input or interaction. It's up to the actual target or product owners/developers to figure out how to specifically address those conditions and the associated failure.
    Last edited by thorin; 05-26-2011 at 05:46 PM.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

Similar Threads

  1. Replies: 1
    Last Post: 09-05-2012, 01:48 PM
  2. Bt5 and java?
    By Cammie in forum BackTrack 5 Beginners Section
    Replies: 1
    Last Post: 05-15-2011, 08:37 AM
  3. decompilers for Java (and .net?)
    By c0rruption in forum Tool Requests
    Replies: 0
    Last Post: 12-30-2010, 12:46 AM
  4. using latest Sun Java JRE
    By brtw2003 in forum BackTrack Howtos
    Replies: 0
    Last Post: 10-04-2010, 12:34 PM
  5. update java in bt3
    By shamanvirtuel in forum OLD Feature requests
    Replies: 1
    Last Post: 10-01-2007, 03:28 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •