I’ve written a few posts about programming languages already and I don’t mean to run it dry, but as time progressed so did my growth and experience. From when I wrote those past articles until now, I have learned new concepts myself and have development my learning strategies; I felt like sharing what I’ve learned with readers. Also, I feel that it’s important to be diverse in programming languages and concepts because malware knows no bounds. There are nefarious JavaScript uses, the same goes for Python, Android applications, and backend ecosystems created using many languages (PHP & JavaScript) and components (backend SQL databases).
Okay, enough with the introduction. Let’s move on to what I wanted to share with you regarding how I go about learning any new programming language. That’s a bold statement but I stand by it. This stands true for many new languages I’ve learned. Note that I am not claiming to be an expert in any of these new languages, but I am certainly capable of debugging and “Googling my way to victory.”
Crucial Concepts you Need to Know
Beyond just the basics of knowing how to create variables and assigning respective values and even past the logical aspect of programming (using if-statements, or looping through lists), in order to learn any programming language, one must know how to print and interpret results. In fact, you can really think of this as debugging so to speak.
I remember when I was going through a rut of not being able to understand programming languages and concepts to my liking. The way I learn is quite the mix of many things that of course entails actually doing, acting on, and applying, but I enjoy first starting off by building some foundation, a starting point, to grow on. This foundation process includes reading many, many things such as official documentation, code snippets, as well as the ever-loved StackOverflow (SO) posts about given topics. The knowledge provided by these resources helps quench what I will refer to as the “umph” of the topic at hand.
The best example I can give of this is from SO. When users post questions, some of the responses are cut and dry; short, if you will. However, there are times when some answers offer context – and a lot of it. These “meaty” responses are great and help really solidify and bridge the gap in my understanding. Granted not all answers are like that, sometimes you have to dig a bit more or switch up search terms, but any post covering said topic has the potential to add that much more context to your understanding.
Now before I start deviating, let’s refocus. The main things to know are that you need to get started somewhere and somehow, then shift to understanding the basics of programming languages that I’ve covered before, but past this, and the main focal point of this post, is to learn how to debug.
Learning to debug includes not only understanding the error messages that are returned when a program fails, but also where and how to insert appropriate print statements. You must be aware of the datatypes being passed between functions. Datatypes and the permitted actions to be taken upon them vary between strings or integers, for example. You can’t do everything to a string datatype that you would to an integer datatype. Know when to print, how to check for datatypes and how to appropriately act upon respective datatypes, as well as using try/catch clauses – the latter allows for better control of uncertain logic. You’re able to try a block of code and catch or except any errors that may arise. Knowing what functions to use in the catch clause can help shed light.
Personal Real-Life Examples
Let me give you a few real-life examples I’ve personally experienced. Through debugging the past Exobot source code and updating certain functions from PHP 5.4 (which is the programming language the ecosystem was originally written in) to the more recent PHP 7.0, I learned quite a bit about PHP. As with all web pages, I started with the introduction page – the index file. Using that as a starting point and learning how to insert print statements or echo statements, I slowly started making my way through other files that the index page called upon. Some of these branched files even called for other files, so it was quite the challenge to figure out the ordering and insert the debugging statements where appropriate and how it was needed.
Not only that, but I also looked up a lot of functions I wasn’t aware of and learned what they did and their applicatory use. This gave way to seeing which functions were deprecated between the two PHP versions and becoming more knowledgeable with the language. There were HTML files that linked JavaScript files, so learning to manage and sift through them all was quite challenging, but very fun at that!
Through this experience, and to tie in with security awareness, I was able to use this knowledge in conjunction to learning malware analysis. As part of the Internet Security Report our team publishes quarterly, we investigate malware samples, analyze them to see how they work, then report on how they were resolved or what we can do to better secure ourselves and our information systems infrastructure.
Another recent example was our teams involvement in, and the development of, the Capture the Flag challenges held during Black Hat and DefCon, including building out a cool badge! This task involved learning C++ (for the badge code, at least) and that, well, it was fun but differed quite a bit from my endeavors in and experience with Python, JavaScript, or even PHP. Some basics were different, in terms of how to create variables, but the logic of looping and iterating was fairly similar.
One last example that’s more recent is creating proof-of-concept Android applications that can steal sensitive information. This, much like the C++ and coding the badge, was a whole new ball park but I am all for tackling new challenges! These proof-of-concepts somewhat trickled down for Exobot’s Android apk counterpart. It was written for older Android versions and security has improved quite a bit since then. The improvement of security is a great thing, but these improvements don’t completely rule out nefarious use cases. And I was able to get these concepts done using the suggested steps in my previously written article, along with this article’s main focus of knowing how to debug, as well as leveraging many other resources mentioned above (SO and a lot of online research).
Conclusion
There are a lot of things that one needs to be familiar with in order to be effective in programming. You can’t just wake up one day and learn everything in just that single day. Take some time to create some sort of plan on tackling a new subject or topic. Since I’m writing about programming, I’ll continue with that narrative.
Start by learning the basics, reading the documentation and actually playing with the provided code samples, if offered. Don’t just copy and paste them, though it saves time. Even if you do that, and especially if you just do that, actually alter some variable names used, try some logic from another section and add to it. See what errors are produced and research those errors. It’ll only be a matter of time between the mix of researching answers and reading related topics that you’ll start connecting the dots – this is how I feel things panned out for me.
The key takeaway in this post is to know how to debug the code. Functions are somewhat well documented, resources may be out there providing use case examples if not but knowing how to adapt sometimes older code examples into current releases, well this is a matter of debugging. Knowing how to handle code errors and what those errors mean make you stronger and more apt at overcoming challenges and frustrations derived from failing; I use failing here not in the sense of failing and not continuing, but rather learning how to not do something and how it doesn’t work. These failures make way for learning how something actually works and what it takes to make it work.