13 answers
13 answers
Updated
Irene’s Answer
If you'd like to be a penetration tester, you have to be good at automating your tests, which means:
* Being comfortable around a command line (e.g. learning Bash scripting would be useful)
* Being comfortable writing scripts. Python is probably the best language for this.
* Being comfortable around a command line (e.g. learning Bash scripting would be useful)
* Being comfortable writing scripts. Python is probably the best language for this.
Thank you so much! This advice was very helpful!
Nievedha
Updated
Alain’s Answer
In my experience learning one programming language will help you understand and master many cybersecurity tools, processes and tasks. In practice what we use more frequently are scripting languages that help us automate many of the tasks we perform when working on a security review. Scripting languages such as Python, Javascript, Bash, PHP, Pearl and Powershell are powerful tools we use based on the systems reviewed.
Updated
E’s Answer
If you are set on penetration testing, here are some core skills:
- UNIX command line
- shell scripting, preferably Bash
- automation with Python
- malware analysis - this involves a certain level of familiarity with C and assembly
Beyond just learning a specific language though, you need to build and apply solutions that apply to specific use cases. languages are just a means to an end for this, and many can often do the same task in different ways. So practice makes perfect.
- UNIX command line
- shell scripting, preferably Bash
- automation with Python
- malware analysis - this involves a certain level of familiarity with C and assembly
Beyond just learning a specific language though, you need to build and apply solutions that apply to specific use cases. languages are just a means to an end for this, and many can often do the same task in different ways. So practice makes perfect.
Updated
Jason’s Answer
All of the other answers here are great places to focus your learning vis-a-vis languages.
To be excellent in a security role, it's most important to learn how the computer works, how it communicates over the network, how the operating system and the software running on it interact and how mistakes and omissions can result in vulnerabilities that can be exploited. It's also important to know how hackers think about those interactions when they're coming up with ways of exploiting flaws.
The programming languages you use then become your means of applying that knowledge to look for those vulnerabilities.
Learning Python, Bash, SQL (and/or other languages) will likely be necessary but not sufficient to be successful.
To be excellent in a security role, it's most important to learn how the computer works, how it communicates over the network, how the operating system and the software running on it interact and how mistakes and omissions can result in vulnerabilities that can be exploited. It's also important to know how hackers think about those interactions when they're coming up with ways of exploiting flaws.
The programming languages you use then become your means of applying that knowledge to look for those vulnerabilities.
Learning Python, Bash, SQL (and/or other languages) will likely be necessary but not sufficient to be successful.
Thank you for letting me know about the various sectors that I would need to know to succeed in security! I really appreciate the detailed and precise explanation!
Nievedha
Updated
Tuan’s Answer
As a software quality engineer, I've done many projects on security and using scripting languages. I would recommend learning the following:
1. Python and Javascript
2. C and Java
3. Get very strong with object oriented
4. Selenium
5. Cross site scripting fundamentals
1. Python and Javascript
2. C and Java
3. Get very strong with object oriented
4. Selenium
5. Cross site scripting fundamentals
Updated
Glen’s Answer
The most prevalent scripting/programming language today is Python. I would suggest starting with Python because it is very easy to learn and easily understood by humans. It runs on something that simulates a computer called an interpreter. Interpreters analyze and execute Python commands which makes Python very portable and flexible. Yet, at the same time it can be just as powerful as a "classic" Object Orientated Programming (commonly abbreviated with OOP) language like C++.
Many security and pen-testing tools use Python or software such as Ansible which is based on Python. Ansible is a common, open-source software provisioning, configuration management, and application-deployment tool. It maintains a single code base that runs on both Python 2 and Python 3.
In the end, Python is a great choice no matter which language you choose, they are all great paths into the realm of computer science. I hope this was helpful for you and anyone else interested in this area as there are no shortage of opportunities in the security space!
Many security and pen-testing tools use Python or software such as Ansible which is based on Python. Ansible is a common, open-source software provisioning, configuration management, and application-deployment tool. It maintains a single code base that runs on both Python 2 and Python 3.
In the end, Python is a great choice no matter which language you choose, they are all great paths into the realm of computer science. I hope this was helpful for you and anyone else interested in this area as there are no shortage of opportunities in the security space!
Thank you so much! This was a great explanation to what are the various languages needed in security! I did not know about Ansible and this was great information!
Nievedha
Updated
Tina’s Answer
Understanding the basics of programming is key. While there are different languages and ways to script, having a general understanding of the process will take you far regardless. With that said, Python , Bash and PowerShell are all used extensively. Remember that not all pen tests should come from the outside. Internal tests are just as valuable.
Updated
Samuel’s Answer
I tell everyone Python. I am actual currently a Blue Team guy but we work a lot with Red team guys and a lot of our job overlaps. Python is just so useful in so many different ways.
Favorite libraries:
pefile
pandas
sklearn
datetime
numpy
Favorite libraries:
pefile
pandas
sklearn
datetime
numpy
Updated
Darin’s Answer
If you want to see some of the popular languages out there look up the TIOBE index. Right now one of the most popular computer languanges is Java
Thank you for providing me a reference! I will definitely look it up!
Nievedha
Updated
Leslie’s Answer
To add to Irene's answer, as an entry-level pentester, you will need to get comfortable with scripting languages like :
1. Bash scripting (Windows & Linux),
2. Python
3. SQL
4. C
5. Javascript
Most exploits are made available in these languages so you need to be able to at least read the code if necessary. Python is the de-facto language for most exploits, but you will need to know how to read SQL, and C may come in handy when you want smaller executables. Javascript runs on many platforms so it will be a plus.
1. Bash scripting (Windows & Linux),
2. Python
3. SQL
4. C
5. Javascript
Most exploits are made available in these languages so you need to be able to at least read the code if necessary. Python is the de-facto language for most exploits, but you will need to know how to read SQL, and C may come in handy when you want smaller executables. Javascript runs on many platforms so it will be a plus.
Thank you Leslie! The detailed explanation for each language made me understand better😊
Nievedha
Updated
arunie’s Answer
Definitely Python.
Thank you Arunie! I do hear that alot! Thanks for confirming it!
Nievedha
Updated
James’s Answer
Python is frequently used in most aspects of penetration testing due to it's versatility. It can be used in network scanning, web fuzzing, exploit development, or any task where repetition is required. It is easy to learn and has abundant learning resources on the internet.
As with every language or skill, you MUST practice. Every single day. Writing small scripts, experiments, failed apps are all your homework. Use CTF challenges (WeChall, OverTheWire, Vulnhub) to practice.
As soon as you walk away from your keyboard, the knowledge will begin to dissipate unless you keep filling it.
As with every language or skill, you MUST practice. Every single day. Writing small scripts, experiments, failed apps are all your homework. Use CTF challenges (WeChall, OverTheWire, Vulnhub) to practice.
As soon as you walk away from your keyboard, the knowledge will begin to dissipate unless you keep filling it.