Programming Lanagague

rob1234

Hello,

From a security point of view what would be the best scritping/programming lanagaue to learn and why?

Thanks!

log32

I'd say Python is worth looking at.

the_Grinch

Python is definitely the way to good. Lots of good resources, very versatile, easy to learning, and easy to use to write proofs of concept.

the_hutch

Definitely python. Can function as both interpreted and compiled. Plus if you are working with Python 2 (python 3 is getting there), there are massive libraries to take advantage of

rob1234

Yeah I was looking at that one I see Securitytube do a certification in it have not seen any other certs for it though but still a lot of resources out there for it I just like to get a cert at the end of all teh studying helps me to focues!

dbrink

I would say Python and Ruby are good to know, but I also think people should check into using Powershell when dealing with Windows systems if possible.

the_hutch

I would say VBScript for a windows environment

rogue2shadow

Python and Bash
Ruby is definitely nice but I would start with the top two first.

ptilsen

We seem to get this question a lot, and I have to reject the question itself as it has no meaning. What does "from a security point of view" mean? Does that mean for webapp penetration testing? Network pentesting? Does it mean for writing secure code for other purposes? Does it mean for writing/reverse engineering malware? What systems are involved? All of these questions and others change the answer, and even for each area there is rarely one true answer.

That being said, I will reiterate the answer Python, because it fulfills many of these needs and is useful on most platforms. PowerShell is also extremely useful on Windows, and personally I prefer to write PowerShell scripts over BASH or Python scripts. VBscript really has little to no use when PowerShell can be used. PowerShell can do pretty much everything VBScript can in less and easier-to-use code.

dbrink

the_hutch wrote: »

I would say VBScript for a windows environment

I'm going to have to disagree with this. VBScript is a thing of the past, if you want to script in a windows environment you are better off starting with Powershell. Powershell is the future of all Windows automation/scripting.

the_Grinch

I agree to an extent, but if you are attacking Server 2003 VBScript is basically your only choice. I don't know a lot of admins who went about installing Powershell onto their 2003 servers.

hardstylewon

You should look up and study each language and see the advantages and disadvantages of each and relate them to how you would use it. I personally prefer Perl. But Python is also easy to use and pretty quick.

Edit: You should definitely learn a language opposed to learning JUST shell scripting.

JDMurray

Web-based security is very hot these days. Good to know languages associated with Web programming, such as Javascript, PHP, HTML (a presentation language), Java, ASP.NET (useable from a variety of .NET programming languages), and SQL for the back-end database everyone is trying to steal using its front-end Web site.

the_hutch

ptilsen wrote: »

VBscript really has little to no use when PowerShell can be used. PowerShell can do pretty much everything VBScript can in less and easier-to-use code.

Hmm...to be honest, I'm not real familiar with powershell. I've played around a little bit with it, and was pleased to find that it had a very bash-esque approach to navigating the file system on command line. But other than that, I didn't really know it was such a powerful tool...and honestly didn't even realize you could script in powershell. This intrigues me. How do I get started? Anybody have any good resources for learning powershell scripting?

ptilsen

Basically everything you'll do in VBScript makes a WMI, LDAP, or API call. PowerShell has the same capabilities, but has many features built into cmdlets to make it easier. The Get-Help cmdlet makes understanding the use of each cmdlet very easy -- frankly, the Get-Help entries are IMO far superior to the average GNU/Linux/UNIX man page. Regex is straightforward, and pretty much everything can be piped intuitively.

Most of the PowerShell resources I've used have been direct from Microsoft. Lots of standard Technet articles, and The Scripting Guy blog is just awesome. Just about every question I've ever asked as I've been writing something in PowerShell has come up on that blog.

Just to give a comparison, simple WMI tasks that would usually take me an hour or more in VBScript usually take me ten minutes in PowerShell. Unless you program or script in some variation of VB day in and day out, PowerShell is a huge time saver.

the_Grinch

Everyone I spoke to always says to get "Learn Windows Powershell in 30 Days of Lunches."

Amazon.com: Learn Windows PowerShell in a Month of Lunches (9781617290213): Don Jones: Books

JDMurray

"In A Month Of Lunches?" I wonder how long the publishing staff had to repeat that series title to themselves before it started to sound good.

dbrink

the_hutch wrote: »

Hmm...to be honest, I'm not real familiar with powershell. I've played around a little bit with it, and was pleased to find that it had a very bash-esque approach to navigating the file system on command line. But other than that, I didn't really know it was such a powerful tool...and honestly didn't even realize you could script in powershell. This intrigues me. How do I get started? Anybody have any good resources for learning powershell scripting?

Pretty much all of Microsoft's administrative GUIs now are just GUI front-ends to Powershell commands. Exchange, Lync, etc all have command shells that have tons of cmdlets for administering the system. There are some tasks that can't be performed in the GUI and can only be done from Powershell. You should check it out, it is a definite time saver.

the_hutch

the_Grinch wrote: »

Everyone I spoke to always says to get "Learn Windows Powershell in 30 Days of Lunches."

Amazon.com: Learn Windows PowerShell in a Month of Lunches (9781617290213): Don Jones: Books

hrmph...no kindle version :-/. Must find other options.

Zartanasaurus

ptilsen wrote: »

Basically everything you'll do in VBScript makes a WMI, LDAP, or API call. PowerShell has the same capabilities, but has many features built into cmdlets to make it easier. The Get-Help cmdlet makes understanding the use of each cmdlet very easy -- frankly, the Get-Help entries are IMO far superior to the average GNU/Linux/UNIX man page. Regex is straightforward, and pretty much everything can be piped

Plus they alias a lot of their commands to *nix equivalents by default to make those guys comfortable. For instance, I always access the PoSh help system using man.

Zartanasaurus

the_hutch wrote: »

hrmph...no kindle version :-/. Must find other options.

Available on Safari Books however. Great 1st book in Powershell IMO.

Zartanasaurus

JDMurray wrote: »

"In A Month Of Lunches?" I wonder how long the publishing staff had to repeat that series title to themselves before it started to sound good.

I think it was meant to be a play on O'Reilly's "In a Nutshell" series. It's the tech equivalent to 6 minute abs.

JDMurray

I was thinking it was a play on the phrase "Lunch and Learn."

dmoore44

the_hutch wrote: »

hrmph...no kindle version :-/. Must find other options.

See if you can persuade your organization to spring for a Safari Books Online subscription. If your organization tends to buy a lot of reference books, Safari Books Online will save them a lot of money... Safari gets current books pretty quickly so you'll always have up to date info. The subscription is under $500/yr and you get access to all of their books and training videos. You also get a limited number of tokens with which you can download a .pdf/.mobi/.epub version of a book. They also have an offline e-reader app for iPad and Android tabs. It's pretty damn awesome.

And just so everyone knows, I am not affiliated with Safari Books in any way. I work for the man.

Zartanasaurus

I haven't used the iPad app, but the Android app has issues. It's better than nothing and great when it works, but it's nowhere near as nice as the Kindle app.

the_hutch

dmoore44 wrote: »

See if you can persuade your organization to spring for a Safari Books Online subscription. If your organization tends to buy a lot of reference books, Safari Books Online will save them a lot of money... Safari gets current books pretty quickly so you'll always have up to date info. The subscription is under $500/yr and you get access to all of their books and training videos. You also get a limited number of tokens with which you can download a .pdf/.mobi/.epub version of a book. They also have an offline e-reader app for iPad and Android tabs. It's pretty damn awesome.

And just so everyone knows, I am not affiliated with Safari Books in any way. I work for the man.

Actually not a bad idea at all. I think I could pitch that pretty well. They are having a lot of trouble getting people to keep up with their continuing education for their 8570 certs (I think only myself and two others in our squadron have completed it). And a big part of the reason behind that is that the only option they have for people (if you are not a cert junky like myself) is ridiculously long and boring CBTs. But I know that most CE programs will honor reading technical books for credit. I think I spin it from that angle, I might be able to get it approved.

SephStorm

i realized that I can rarely read books online. Especially if I have to be online to do it. And i have the kindle for pc app which is good, until you need to update and dont have internet access.

JayTheCracker

python, php, javascript, bash

Qord

the_hutch wrote: »

hrmph...no kindle version :-/. Must find other options.

Hows about right here?
http://www.techexams.net/blogs/slowhand/72-windows-powershell-resources.html

the_hutch

JayTheCracker wrote: »

python, php, javascript, bash

Unfortunately, a plugin is required to get Python running on powershell. Since I work in an organization with a very strict (and fairly dysfunctional) Change Management program, python in powershell is not really an option for me

crashdump

rob1234 wrote: »

Hello,

From a security point of view what would be the best scritping/programming lanagaue to learn and why?

Thanks!

+1 for Java