Best beginning programming language for someone interested in IT security

Question

Backstory:

At the moment I'm someone with very limited knowledge on computers and programming, but I would like to change that. I have discovered that I'm mainly interested in IT security and that I would especially like to learn more about that (not going to deny that Skyfall didn't have a part in this, but that's certainly not the main reason) as opposed to for example game/app development and such. I don't know exactly why, maybe it has something to do with the fact that I myself have been a victim of viruses and phising a couple of times.

Question itself:

I have recently decided that I would like to learn my first programming language. This decision is seperate from my interest in IT security, but I would like my first language to be the language most useful for someone who wants to learn more about IT security. I feel this would be killing 2 birds with 1 stone. What would this language be and why?

Answer 1

To really understand IT security (and, more generally, computers), you will have to know how things go inside, so, sooner or later, you will have to learn assembly for one or two architectures (preferably more than two). The low-level exploit codes (e.g. for buffer overflows) don't make sense unless you know assembly. Then move on to C, which is very widespread and a usual target for such exploits. C is easy to learn if you know assembly. Once you know assembly and C, you can learn more complex languages (e.g. C# or Java); your understanding of the inner workings of the machine will guide you through the most "magical looking" features of such advanced languages. Following this path, you may then try scripting languages, where each language element hides an awful lot of computations.

This learning order, from low-level to high-level, is an ideal; I have yet to meet a single person who strictly adhered to it. In my own learning path, I started with Basic ("version 1.0", from 1984) and then switched to assembly (on a 6809E CPU) because Basic was really too slow on my machine (a 1 MHz CPU does not have a lot of muscle). Later on, I learned Pascal, then C, and some more assembly. Afterwards, I did a lot of C, I touched many other languages (e.g. Caml, PostScript, Prolog, Objective-C, C++), some scripting (Unix sh, Perl...) and even more assembly (on several distinct architectures). Even later on, I did a lot of Java. Also tried Forth, Scheme, some more assembly. Lately, I have done some C# (which is very similar to Java), PowerShell, and suffered from an outbreak of VB.

What is to remember is that every language has its quirks; you will achieve the programming equivalent of enlightenment if you can see beyond the particularities of any specific language, and concentrate on the underlying algorithmics. Knowing a lot of languages and architectures will help you greatly. It will also highlight what language features are especially "dangerous" to use, by which I mean prone to trigger exploitable weaknesses. Conversely, if you stick to a single language, then you will only be a mediocre practitioner of programming and IT security.

Other learning paths exist and some people are happy with them. Many apprentice programmers begin with something high-level like Python and only later on try to see "under the hood" how the computer really does things. I tend to favour the low-to-high path because it is similar to the path that I followed myself, but there is no absolute necessity in that.