If you are in the field of computer security then you know that there are several levels that you can study. You can study the lower levels of the machines and how they operate. There are a lot of people who choose this route to go with. And there is a lot of work to be done in this area of expertise. Not only are you dealing with the low levels of the machine being attacked but you also have so many different architectures that you have to think about. In the past if you wanted to protect a machine against a low level attack then the only type of architecture that you had to worry about was x86. While there were other platforms to attack, this is the one that was the most targeted since almost 80% of the computers out there were x86 based. That is no longer the case. Now there are not only a lot of x86 based computers, but also a lot of ARM based machines out there as well. This is in part thanks to the rise of the IPhone and Android. Because of these two phone platforms, ARM based architecture has made a real rise again.
When you are dealing with the lower level of the machine, you have to make sure that you learn the assembly language of that particular machine. You also have to learn the way that the memory is set up. Is it big endian or is it little endian. What are the virtual memory spaces on the machine? There is a lot that you have to consider. And when you are dealing with different types of machines it can all become a bit much. But there are a lot of people who do it and do it well.
But that is not the only types of attacks that you have to worry about when you are on the computer. Low level attacks are just one type of threat. You also have to worry about high level attacks as well. Most of the time when you think of high level attacks you are thinking about the client side or the UI side of the machine. These days most of that consists of the web and the web sites that a person visits while they are on the machine.
When you are dealing with high level attacks, you are mostly dealing in attacks such as SQL Injection, XSS which means (Cross Site Scripting), CSRF which means Cross Site Request Forgery and of course the old time special Session Hijacking. These are all attacks that you see on the web all of the time and while they have been around for a while, they can still cause a lot of problems.
While the lower level security of the machine is very important you cannot disregard the security on the higher levels of the machine as well. While it does not get the glory that the lower parts of the machine get, it is where most of the attacks come from and harms many more consumers.