It’s time to put my own words into action and take on a new endeavor: learn JavaScript (JS). Previously, I wrote about What to Know About Programming Languages, which details a way to break into coding. Continuing with the Python narrative, I will compare what I’ve learned from JS so far to what I know about Python. Also, JS is a scripting language such as Python is, but is intended for frontend web development. That’s not to say you can’t use JS for backend development, there are frameworks available to do just that. However, JS is the default frontend scripting language for HTML and is interpreted by web browsers.
To preface why I am embarking on this task, I am doing so with the intention of being able to reverse engineer malware samples caught by our security services. At first, I thought about just taking on the task head first, due to my moderate understanding of general programming (essentially comparing what I read in JS to what I know about Python) and how variables are assigned and whatnot, but soon felt a tad overwhelmed. To be frank, some of the malware samples were fairly lengthy and not as easy to read as Python. This prompted me to at least go through the basics of JS, similar to what the aforementioned blog post covered.
Comparing and Contrasting the Basics
For the most part, defining variables and functions in JS is similar to that of Python. You have to use an appropriate identifier for the name of the variable used to store data values. The main difference is the need to use the keyword “var” in JS prior to declaring a variable (e.g., var varName;), Python requires no such keyword.
Another similarity is that you are not required to identify the type of data being stored in the variable and it can be interchanged between numbers and strings. To be clear, you can assign an example variable (let’s say var emilsVar) to be a string (e.g., var emilsVar = “Let’s learn JavaScript together!”;) and right after reassigning that variable to a number datatype (e.g., emilsVar = 2019;). There are some languages that require identifying the datatype prior to assigning the variable a value.
As for a collective way to store values, JS offers arrays, comparable to lists in Python. An example in JS would be var languagesEmilKnows = [‘python’, ‘javascript’];. In Python, you would drop the “var” keyword along with the “;”.
Also available in JS are objects, akin to Python’s dictionaries (and even classes) – they’re both key/value pairs. An example in JS is var emilsObject = {firstName:”Emil”, lastName:”Hozan”}; and in Python the same would be written as emilsDictionary = {“firstName”: “Emil”, “lastName”: “Hozan”}.
One very important aspect to point out, if you haven’t caught on so far, is the need to end every statement – a statement is simply a set of instructions to be executed – in JS with a semi-colon ( ; ). Declaring and defining a variable, for example, would require a trailing semi-colon. The same stands true for arrays and objects but only after the entire array or object is defined. Python has no such requirements.
Comparing and Contrasting Beyond the Basics
The idea of reserved keywords is more or less the same, I won’t go into detail about all of them. Just know that they are available to help with logical programming. You have the traditional “if” or “try” to allow for conditional logic or testing code and catching errors. Similar still are the logical operators, such as “&&,” “!,” or “||” which translate to “and,” “not,” or “or” in Python.
You can compare if values are the same or not (e.g., var x = 8; x == 8;). The first part of the example assigns the variable “x” with the numeric value of “8.” Next in the example, x is being compared to 8 again to ensure they’re equal.
What really stands out between Python and JS is that JS has “===”, which verifies that BOTH the value and type of the data match between variables (e.g., var x = “8”; x == 8; x === 8;).
The example once again assigns “x” the stringed value of “8,” which some languages can notice if a stringed value could be converted into its numeric counterpart (I didn’t previously cover this in my past post but it’s important to know this for JS). Based on that, when using “x == 8;” that would be true because the stringed “8” can indeed be converted to its numeric counter part of number 8. However, the catch here is that the datatypes are different between the two. Therefore “x === 8;” would be false due to the fact that despite the automatic conversion of “==” being true, this conversion wouldn’t change the datatype from the stringed value to that of a numeric datatype.
Comparing and Contrasting What Else You Should Know
One major difference between Python and JS is the ease of storing data locally. Python has the ability to do this natively, the program can take in input and persistently store it on the machine. JS does have the ability to do this but doesn’t seem to be able to do it with as much ease as Python. To not veer too far off course, read more about how to store data on the client machine with JS per this StackOverflow question, or use this Mozilla link for more details.
Personal Insights About JavaScript
I remember way back when, prior to being part of the Threat Lab team at WatchGuard, I considered a programming job. My interests were geared more towards the backend, as frontend development just didn’t attract me much despite having meandered into it previously. Personally, I am not great at picking appealing colors, fonts, or styling content in an attractive manner. Also, when I learned about JS and its use, that kind of added to my “I don’t want to pursue frontend development” mentality.
However, having gone through a few basic tutorials more recently, I was actually quite impressed with JS. It didn’t seem too difficult to follow; the syntax seemed fairly easy to grasp. My thoughts of JS changed dramatically – that is until I got ahold of some nefarious JS samples. Since then, also, I have read others’ thoughts on JS and I found them quite humorous. Many folks seem to not like JS, which makes sense depending on the length of the script and such, but I have learned of its benefits for web development.
As for where I stand with JS now, I will say that I have enjoyed learning what I have thus far and will continue to learn more JS. My main focus and objective is to break down nefarious scripts to help educate our readers and userbase, and to add value to the Threat Lab team here, as well as grow personally. Would I consider frontend development now, however? I would have to politely decline that opportunity still! Do I recommend it if you’re interested in web development? Of course! Dynamic websites make up a chunk of modern-day websites. JS can help alleviate server-side process and verifications and pawn these tasks to the client’s machine.
Conclusion
To recap, I am learning JavaScript to grow professionally and be able to reverse engineer nefarious scripts. These are my objectives and despite the sometimes-frustrating moments, my objectives keep me going. I am not expecting to learn this all in one day or week, rather I’m breaking down my learning into chunks and applying these chunks while analyzing procured malicious scripts. As I go through them, I still have to look things up, similar to what would happen in a development role. It’s infeasible to expect to remember everything and in fact, there is no need – we have the Internet readily available after all!
It’s important to have an end goal in mind, something to strive for that can help push you when you’re feeling oh, I don’t know, overwhelmed and maybe lost. It’s okay if and when that happens, we didn’t learn to walk as infants in one day; it was a progression of time and effort. The same applies to this fact: I identified why I wanted to learn JS, I referenced my previous blog while learning to ensure the steps are appropriate for a newcomer and got to where I am now. One day at a time, and one step at time within each day. Until next time!