Beginner programming for security career

This is probably a loaded question and prone to the ol' Ford vs. Chevy debate, but I have to throw out the question somewhere...

One of my career shortcomings is in the area of scripting and programming. Sure, I can do some Windows batch scripting and can modify existing VBScripts to get stuff done (most of the time), but if I'm going to dive into security work beyond firewalls and VPNs, I'm going to need an understanding of software architecture, code, etc.. Where should I start? Note that I have no plans on becoming a full-time developer. That's definitely not in my scope of interest. For long-term plans, I'd like to be able to at least casually glance over code and have a high-level understanding of what I'm seeing.

Any recommendations - Python? PHP? I'm not leaning towards app-security so I don't need to go hardcore into it, but I want to start small and still learn something relevant. If I ever decide I want to try the OSCP one day, having this background would no doubt be very useful.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

dynamik

docrice wrote: »

I'm going to need an understanding of software architecture, code, etc..

I used to think like this, but it's not as important as you'd think. That knowledge obviously won't hurt you, but for the type of stuff you're thinking about doing, it's really not going to matter much. I'm obviously not encouraging you to write sloppy code, but the reality is even a poorly written program will probably do what you need. I think most of your inefficiencies/deficiencies will be remedied through practice.

These are on my wish-list (for that type of thing):
Amazon.com: Write Great Code: Volume 1: Understanding the Machine (9781593270032): Randall Hyde: Books

Amazon.com: Write Great Code, Volume 2: Thinking Low-Level, Writing High-Level (9781593270650): Randall Hyde: Books

Python's a good language to start with. A lot of tools are written in it, and it's pretty easy to pick up. The same goes for Perl (minus the "easy" part). I'm actually getting into Ruby at the moment, and I like it quite a bit. A compiled language (or languages) such as C, C++, C#, Java, etc. is also good to know. I'm also working with assembly, and I have to say that's been a fantastic experience. It's not that learning about the nitty-gritty details of the CPU and memory are exciting, but it's making everything else make so much more sense.

earweed

Can you recommend a good beginners book for Python? I've had some experience with Java, Fortran, Assembler (long time ago), unix (again a long time ago), and javascript/html. Learning a new language will probably serve well enough to keep my "knifve' sharp"
I know what you mean about assembler teaching you things about how the cpu works. I did it back in the 8088 days and it taught me a lot. I should probably jump back in and try it with a non stoneage CPU..lol

dynamik

I got the third edition of Learning Python (O'Reilly 2007) instead of the fourth (2009) because I wanted to learn on 2.x instead of 3.0. The newer version introduced significant changes that are not backwards-compatible and most code you come across is still 2.x.

This is a good resource too: https://code.google.com/edu/languages/google-python-class/index.html

JDMurray

Many people choose to learn script-like programing languages like Perl, Python, and PowerShell because they can get practical use from knowing those languages. However, learning those languages won't teach you much about computer architecture. If you want to know about how a computer works inside, there's no substitute for assembly language programming. If you want to learn about how large software systems are structured (object-oriented), you are better off learning C++, C#, or Java by taking a series of proper software engineering classes.

TrainingDaze

I'd agree with Eric Raymond (How To Become A Hacker) and recommend Python to get your feet wet. Remember that the only way to learn programming is to....(drum roll)...write programs! Don't get caught up with just reading chapters or memorizing words and think you will know it, you must must must actually write out programs to learn. Sounds obvious but you'd be surprised.

As for OSCP, I can't give you any better advice for prepping than JD already has here: http://www.techexams.net/forums/security-certifications/50001-oscp.html#post378074

Met44

I'd like to be able to at least casually glance over code and have a high-level understanding of what I'm seeing

Pretty much what the others have said: Python would be a good place to start. C is also a very popular language for writing tools, and many widely used (and targeted) system programs are written in C, in whole or part. After getting a grasp on the fundamentals using Python, learning some C would help fill in some gaps and get you familiar with another language that you may see on a regular basis -- depending on what exactly you plan on doing.

earweed wrote: »

Can you recommend a good beginners book for Python?

There is an MIT Open Courseware class on introductory programming that uses Python as its language, which would be a good start to both Python and programming in general. You (earweed) may not need the theory, having the background that you do, but it would probably be interesting for others. The books dynamik mentioned are really well done. Another way to get a feel for the language is by going through the official tutorial at python.org. If you've already had experience with OO languages, the tutorial might be enough for you to get going.

Bl8ckr0uter

JDMurray wrote: »

. If you want to learn about how large software systems are structured (object-oriented), you are better off learning C++, C#, or Java by taking a series of proper software engineering classes.

I agree. At my community college I am adding the software development courses for this very reason.

ArabianKnight

Started a thread similar to this in the job forum, should have looked here first.