When you deal with the complexity of computers for your everyday job you tend to gain a certain amount of respect for them and the people who made them. You start to realize that there are thousands of different pieces working together to make the magic that you see on the screen happen. People are amazed at how efficient the human body is and to a lesser extent the computer is the same way. There are so many things that can go wrong in the everyday workings of a computer that is a miracle that it doesn’t happen more often.
The way that all of this complexity is held together is through the miracles of computer languages. While the computer is a very complex machine it is still pretty much dumb. It needs to be told what to do. As the human who is operating it, there are certain commands that you give it when you push the button that it responds to. But those commands are made simpler through the use of computer language. A programmer has to take a computer language and make it accessible to a normal person. Most people are not able to process what an “if” or “while” statement does to a computer but they understand the click of a mouse. So the instructions that are given by a click of the mouse is an abstraction layer of those statements that I talked about earlier. So while the click is an abstraction layer to the language, a computer language is the abstraction layer that leads directly to the inner workings of the computer.
There are many different computer languages out there. And they vary by the domain that you are working in. If you want to do systems programming or desktop programming then you are going to want to use a language such as C, C++, C#, or Java. If you want to program a web site then it is best to use a language such as PHP, Perl, Ruby, or Python. These are all languages that can instruct the computer on what to do. They just do it in different ways. And all of these languages have another thing in common. They are another abstraction layer. Just like a mouse click on a link or a button is an abstraction layer over these languages, these languages are an abstraction layer over another language. This language is known as Assembly.
What is Assembly Language?
Assembly language is another language that talks to the computer but it tends to be a little terser than the other languages that I described previously. While the other languages are what you call human readable, Assembly language is far less so. It is known as the closest language that actually talks to the actual machine. The language is simple to implement but hard to understand at the same time. This is because it does not flow to the same patterns as human language does. It looks more like how a computer would speak. While I said before that the Assembly Language is the closest that you can get to talking to the machine itself, that is not exactly true. There is another language known as opcode that the actual processor speaks but that is simply numbers and is not human readable. The Assembly programming language is as close as you can get to the processor while still being able to understand it.
What does Assembly have to do with security?
The reason why knowing Assembly is great when you are in the security field is because once you know how it works; you know how the processor of the computer works. Assembly maps out pretty much what the processor is going to do. And since everything else that you do on the computer is based on this, you will already have a keen understanding. You will be able to spot problems even when you are in a higher level domain such as the web.
Black hat hackers like to learn Assembly language too because they are able to leave a smaller foot print size in their attacks. One of the smallest run times in any language is C. And even to run a simple program such as “hello world” you are still talking about several kilobytes. While that might be small in today’s computer world when you are talking about an attack that you are trying to sneak on the system that is very big. An attack written in Assembly language allows it to be a lot smaller. You are able to place the attack in hidden places in the memory which makes it harder to detect.
So as you can see no matter what level of computer security you work at being at least familiar with Assembly will help. At the very least you will know how the computer operates a lot better and that can only help in the long run. If learning the ins and outs of Assembly is too much for you then you might want to try C. The C language maps especially well with Assembly without being quite as terse.