Programming languages? - question for security people
J0e
Member Posts: 45 ■■□□□□□□□□
What programming languages do you guys/girls know and how well?
Just curious, planning to go the security path!
My was to start with Perl and then...
Thx
Comments
-
JDMurray Admin Posts: 13,092 Admin
Learning to program is an excellent supplement to learning information security. What programming language(s) you learn depends on what you want to do in InfoSec. Many system security tasks are performed using scripting languages (JavaScript, VBScript, Perl) and shell programming. Reverse engineering and vulnerability assessment (hacking) rely on the knowledge and use of C and x86 assembly language. And although security tools can be written in any language, C++ is the most popular, C# is great for (only) Windows, and Java is the most portable between hardware platforms and operating systems.
Hey, if this thread gets a lot of good responses I'll make a TE blog article out of it. -
dynamik Banned Posts: 12,312 ■■■■■■■■■□
What's your background in programming? Perl's awesome, but it can be a lot to take in for a novice. Python is easy to learn and can be used for pretty much any application. You might want to consider starting there if you're a beginner.
Personally, I know PHP and Javascript very well, and I have varying degrees of skill with C++, C#, Perl, Python, and VB. After you develop a solid foundation, and you can transition to other languages fairly easily. -
seuss_ssues Member Posts: 629
For security Linux is my platform of choice. The number of available tools, compilers, etc is outstanding. With that being said I find it very useful to know bash scripting and C.
-
coffeeking Member Posts: 305 ■■■■□□□□□□
I am relatively new to InfoSec, preparing for Security+, but I had no idea if one would need to learn any programming languages to make it in InfoSec. Is it the same for Cisco guys?
-
J0e Member Posts: 45 ■■□□□□□□□□
dynamik wrote: What's your background in programming? Perl's awesome, but it can be a lot to take in for a novice. Python is easy to learn and can be used for pretty much any application. You might want to consider starting there if you're a beginner.
Personally, I know PHP and Javascript very well, and I have varying degrees of skill with C++, C#, Perl, Python, and VB. After you develop a solid foundation, and you can transition to other languages fairly easily.
No background in programming, started C# a couple of weeks ago because I need to do some calculations for a college course, that was my first "touch" with programming.
I really have no interest in C# right now, my focus is more on scripting languages like Perl and Python that could help me when I get a sysadmin job to solve some tasks faster and better and then transit to security! What language is "easier" Perl or Python(+ dynamik) to start with?
Thx guys -
undomiel Member Posts: 2,818
Granted I had dabbled in C/C++ and x86 assembly on and off but not seriously prior to this, but when I learned Perl (weekend long crash course to fix a very critical problem) I found it to be a fairly easy language to grasp. I can't comment on Python though as I have never touched that.
Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
-
Gennosuke HIGAKI Member Posts: 68 ■■□□□□□□□□
I have experienced both compiled ones and interpreters, though, I am good at the latter Web based perl, php, asp, and JavaScript. I am learning C# now to step into .NET world.
From my experiences, if you were really security oriented, I recommend shell programming first, say, bash or C shell in Linux. These are essential and helpful in using Linux and Cisco IOS. Then, perl. Perl is mighty and applied in both edges, right and evil. Interpreters are generally easier and useful in various real aspects. -
Schluep Member Posts: 346
I have experience writing in or editing FORTRAN/Fortran 95, ASP.NET, PHP, and C. I'll be honest, my programming skills are falling a bit behind since I haven't been using them as much lately and I'd be a bit slow writing in any of those languages at this point.
From a security perspective I definitely plan on picking up Javascript and assembly as well as practicing up on my C again at some point. -
BigTone Member Posts: 283
Among the Microsoft certs I plan on taking in the near future, Linux and security are really poking my brain and something I want to learn... but as I said on a different forum Java scared me in college....
Other responses I've heard that are good for security/ethical hacking (and these responses were echoed in this thread) are bash/perl/scripting languages and a little C couldn't hurt eh?
I third the blogging on programming in security. I'd love to read it. -
keatron Member Posts: 1,213 ■■■■■■□□□□
Right now in the field I'm doing a lot with 86 assembly and a TON with Python. Everything from log parsing to cloning access cards and tokens (the swipe cards you use to enter a secure facility). Somebody discovered that ripping the data from these devices (if you get close enough or have a strong enough antenna attached to a device tuned to the right frequency), is pretty trivial. And Python is the best way I've found to parse the data pulled from these cards and burn it to a blank card. End result. Stand next to a guy in the elevator. With your ripping device hidden in your coat, stand as close to him as possible, you hear a beep in your pocket (or feel a vibration if you're smart), and you both go on your merry way. You go to your laptop, plug the device from your coat into your laptop via usb or serial, **** the data, run the correct Python script which puts the data back in the format it needs to be in (because it **** like garbage when you do a brute force copy like I described above), burn it to a blank card (preferably the same vendor as the one you cloned from the guy in the elevator), and just like that, you're that guy. You can get into any building or room he can. Obviously there are some small details I left out, but I think you get the point. My penetration success has gone up tremendously since I borrowed this idea, technique and equipment from Adam Laurie at Blackhat last year. If you wanna know more go to rfidiot.org. You'll see that all of his example scripts are Python.
I'm officially in love and getting married to Python~~ -
J0e Member Posts: 45 ■■□□□□□□□□
@JDMurray: that would be
@coffeeking: If you wanna do it seriously I think you should know at least 1
@keatron: nice post, did some additional resource and I'm very close to choosing Python, this sentence got me: "can be learned in a few days"*
wish you a long and happy life with Python
*python.org -
liven Member Posts: 918
I would like to put my 2 cents in for:
Perl
C
I learned C first, and it has made learning, bash, shell, PHP, ruby, perl, java and other MUCH easier for me...
But I am sure you could make that argument for just about any language. I think the fact that I learned C in school and was forced to do a lot of things that I would never have done made me really "learn" C. Which gave me a solid foundation for programming in general...
Once again "just my 2 cents".
encrypt the encryption, never mind my brain hurts. -
JDMurray Admin Posts: 13,092 Admin
shednik wrote:
JDMurray wrote:
Hey, if this thread gets a lot of good responses I'll make a TE blog article out of it.
Do it! you haven't written in awhile anyway if I'm not mistaken.
slacker
I'll do some research in the use of programming in InfoSec and write a blog article. I've got an idea of the major topics, but I need to find some more real-world examples. -
shednik Member Posts: 2,005
JDMurray wrote: Check again--we now have a new virtualization forum and an announcement blog article.
I'll do some research in the use of programming in InfoSec and write a blog article. I've got an idea of the major topics, but I need to find some more real-world examples.
Yes just moments after I posted that I saw your new blog posting...oh well you should still do the write up I think a lot of people would benefit from it. -
JDMurray Admin Posts: 13,092 Admin
keatron wrote: Stand next to a guy in the elevator. With your ripping device hidden in your coat, stand as close to him as possible, you hear a beep in your pocket (or feel a vibration if you're smart), and you both go on your merry way.
-
Schluep Member Posts: 346
JDMurray wrote:
keatron wrote: Stand next to a guy in the elevator. With your ripping device hidden in your coat, stand as close to him as possible, you hear a beep in your pocket (or feel a vibration if you're smart), and you both go on your merry way.
I never knew that little red x had a name. I'll be sure to address him properly from now on. -
Slowhand Mod Posts: 5,161 Mod
I can't give recommendations on full-scale programming languages, (except the C/C++ and assembly language, that goes without saying,) but I do agree with the comments on scripting. For security admins, scripting is key, so for the Unix/Linux guys Bash is the way to go. And, for Windows admins, I'll tell you what I was told at the Server 2008 launch event yesterday: learn PowerShell.
Free Microsoft Training: Microsoft Learn
Free PowerShell Resources: Top PowerShell Blogs
Free DevOps/Azure Resources: Visual Studio Dev Essentials
Let it never be said that I didn't do the very least I could do. -
liven Member Posts: 918
JD,
as a professional security admin, I will be more than happy to help with real world examples.
encrypt the encryption, never mind my brain hurts. -
JDMurray Admin Posts: 13,092 Admin
Slowhand wrote: And, for Windows admins, I'll tell you what I was told at the Server 2008 launch event yesterday: learn PowerShell.
liven wrote: JD,
as a professional security admin, I will be more than happy to help with real world examples.
Whatever you can contribute will be great. -
sprkymrk Member Posts: 4,884 ■■■□□□□□□□
A very good book, Gray Hat Hacking has a chapter (7) entitled "Programming Survival Skills". As a matter of fact, chapters 6-11 have a lot on security topics related to programming in some way.
Ch 6 - "Automated Pen Testing" has a good intro to Metasploit, which is really an exploit development environment.
Ch 7 - "Programming Survival Skills"
Ch 10 - "Writing Linux Shellcode"
Ch 11 - "Writing a Basic Windows Exploit"
The whole book is pretty good, and IMO much better than the typical "Hacker" handbooks. As a matter of fact, Chapter 5 is actually titled "Beyond Hacking Exposed". It even has 2 chapters on reverse engineering.
Definitely a good buy to get a look at the role that programming skills play in security.
All things are possible, only believe. -
Slowhand Mod Posts: 5,161 Mod
JDMurray wrote: I've been playing with PowerShell for a year now and it's a cool concept with a lot of useful features. I use it quite a bit for playing with the WMI. It makes me wonder why something like PS wasn't written for the initial release of Windows Server 2003.
They talked about that at the event in San Francisco. The Microsoft Learning VP said that they decided not to package PowerShell in with Server 2008 at launch because they didn't want to spring it on people before admins were used to using it. He also mentioned that he would feel more comfortable having people rely on PowerShell for their admin needs after the next major release, as it's still on version 1.0. He did say, though, that future versions of Windows (both server and client) would come with PowerShell as the main command-line environment.
-
JDMurray Admin Posts: 13,092 Admin
Slowhand wrote: He did say, though, that future versions of Windows (both server and client) would come with PowerShell as the main command-line environment.
Windows PowerShell 2.0 Community Technology Preview (CTP) -
Slowhand Mod Posts: 5,161 Mod
JDMurray wrote:
Slowhand wrote: He did say, though, that future versions of Windows (both server and client) would come with PowerShell as the main command-line environment.
Windows PowerShell 2.0 Community Technology Preview (CTP)
Honestly, if I understood how Microsoft's marketing department thinks, I'd probably be locked up in a rubber-room.
-
bcairns Member Posts: 280
My $0.02 worth...
Language really does not matter - what does matter is your end goal.
The language is just a tool to help you in your goal.
That being said here is my take on languages:
C/C++ = low to high level programming, not much you can't do with these languages, and frameworks like QT4 make it super easy to do cross platform code.
C#/VB/C++CLI = The Microsoft .Net Framework is great, I love C# - but it comes at the price of only being able to run on Windows...there are hacks and workarounds (Mono) that allow it to run on Linux, but I really don't trust them much for anything "mission critical". But there are rumors that MS will make the .Net framework run on multiple platforms in the coming years.
Java/Python = the other VM languages out there all hold their own. Java has been around forever and has a ton of prebuilt classes in the API that you can use.
In short, there is no "best" language - there is the right tool for the job. So plan on learning many languages.
My youTube Channel: http://www.youtube.com/user/voidrealms -
Slowhand Mod Posts: 5,161 Mod
bcairns wrote: In short, there is no "best" language - there is the right tool for the job. So plan on learning many languages.
I can't agree more with this statement. Every computer science/information systems professor I've had has said the same thing. The focus is to learn how to solve problems, not on syntax. Given, some languages are better suited towards different ends, some development tools are geared towards particular tasks and include specific languages, but the idea behind writing the code stays the same. That's the reason why most computer science curricula include general "introduction to programming" courses, data structures & algorithms courses, assembler & hardware function classes, etc. You're taught to be a developer, to think like a programmer (read "mathematician"), it's up to you to pick the tools that suit your needs.
-
JDMurray Admin Posts: 13,092 Admin
Slowhand wrote: You're taught to be a developer, to think like a programmer (read "mathematician")
-
Slowhand Mod Posts: 5,161 Mod
JDMurray wrote:
Slowhand wrote: You're taught to be a developer, to think like a programmer (read "mathematician")
That's a very good point. I think saying that programming leans heavily in the direction of problem-solving that's very similar to mathematics would have been a better statement in my earlier post. Either way, prepare to think more analytically than you ever have in your life, if you go down the coding-path.
-
JDMurray Admin Posts: 13,092 Admin
Slowhand wrote: Either way, prepare to think more analytically than you ever have in your life, if you go down the coding-path.