Programming Lanagague

Hello,

From a security point of view what would be the best scritping/programming lanagaue to learn and why?

Thanks!

Comments

  • log32log32 Users Awaiting Email Confirmation Posts: 217
    I'd say Python is worth looking at.
  • the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
    Python is definitely the way to good. Lots of good resources, very versatile, easy to learning, and easy to use to write proofs of concept.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • the_hutchthe_hutch Banned Posts: 827
    Definitely python. Can function as both interpreted and compiled. Plus if you are working with Python 2 (python 3 is getting there), there are massive libraries to take advantage of
  • rob1234rob1234 Banned Posts: 151
    Yeah I was looking at that one I see Securitytube do a certification in it have not seen any other certs for it though but still a lot of resources out there for it I just like to get a cert at the end of all teh studying helps me to focues!
  • dbrinkdbrink Member Posts: 180
    I would say Python and Ruby are good to know, but I also think people should check into using Powershell when dealing with Windows systems if possible.
    Currently Reading: Learn Python The Hard Way
    http://defendyoursystems.blogspot.com/
  • the_hutchthe_hutch Banned Posts: 827
    I would say VBScript for a windows environment
  • rogue2shadowrogue2shadow CISSP, GXPN, OSCE, OSCP, OSWP, eMAPT, CEH, CNDA, A+, Network+, Security+ Member Posts: 1,501 ■■■■■■■■□□
    Python and Bash :)
    Ruby is definitely nice but I would start with the top two first.

  • ptilsenptilsen Member Posts: 2,835 ■■■■■■■■■■
    We seem to get this question a lot, and I have to reject the question itself as it has no meaning. What does "from a security point of view" mean? Does that mean for webapp penetration testing? Network pentesting? Does it mean for writing secure code for other purposes? Does it mean for writing/reverse engineering malware? What systems are involved? All of these questions and others change the answer, and even for each area there is rarely one true answer.

    That being said, I will reiterate the answer Python, because it fulfills many of these needs and is useful on most platforms. PowerShell is also extremely useful on Windows, and personally I prefer to write PowerShell scripts over BASH or Python scripts. VBscript really has little to no use when PowerShell can be used. PowerShell can do pretty much everything VBScript can in less and easier-to-use code.
    Working B.S., Computer Science
    Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
    In progress: CLEP US GOV,
    Next up: MATH 211, ECON 352, ICS 340
  • dbrinkdbrink Member Posts: 180
    the_hutch wrote: »
    I would say VBScript for a windows environment

    I'm going to have to disagree with this. VBScript is a thing of the past, if you want to script in a windows environment you are better off starting with Powershell. Powershell is the future of all Windows automation/scripting.
    Currently Reading: Learn Python The Hard Way
    http://defendyoursystems.blogspot.com/
  • the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
    I agree to an extent, but if you are attacking Server 2003 VBScript is basically your only choice. I don't know a lot of admins who went about installing Powershell onto their 2003 servers.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • hardstylewonhardstylewon Member Posts: 15 ■□□□□□□□□□
    You should look up and study each language and see the advantages and disadvantages of each and relate them to how you would use it. I personally prefer Perl. But Python is also easy to use and pretty quick.

    Edit: You should definitely learn a language opposed to learning JUST shell scripting.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,667 Admin
    Web-based security is very hot these days. Good to know languages associated with Web programming, such as Javascript, PHP, HTML (a presentation language), Java, ASP.NET (useable from a variety of .NET programming languages), and SQL for the back-end database everyone is trying to steal using its front-end Web site.
  • the_hutchthe_hutch Banned Posts: 827
    ptilsen wrote: »
    VBscript really has little to no use when PowerShell can be used. PowerShell can do pretty much everything VBScript can in less and easier-to-use code.

    Hmm...to be honest, I'm not real familiar with powershell. I've played around a little bit with it, and was pleased to find that it had a very bash-esque approach to navigating the file system on command line. But other than that, I didn't really know it was such a powerful tool...and honestly didn't even realize you could script in powershell. This intrigues me. How do I get started? Anybody have any good resources for learning powershell scripting?
  • ptilsenptilsen Member Posts: 2,835 ■■■■■■■■■■
    Basically everything you'll do in VBScript makes a WMI, LDAP, or API call. PowerShell has the same capabilities, but has many features built into cmdlets to make it easier. The Get-Help cmdlet makes understanding the use of each cmdlet very easy -- frankly, the Get-Help entries are IMO far superior to the average GNU/Linux/UNIX man page. Regex is straightforward, and pretty much everything can be piped intuitively.

    Most of the PowerShell resources I've used have been direct from Microsoft. Lots of standard Technet articles, and The Scripting Guy blog is just awesome. Just about every question I've ever asked as I've been writing something in PowerShell has come up on that blog.

    Just to give a comparison, simple WMI tasks that would usually take me an hour or more in VBScript usually take me ten minutes in PowerShell. Unless you program or script in some variation of VB day in and day out, PowerShell is a huge time saver.
    Working B.S., Computer Science
    Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
    In progress: CLEP US GOV,
    Next up: MATH 211, ECON 352, ICS 340
  • the_Grinchthe_Grinch Member Posts: 4,164 ■■■■■■■■■■
    Everyone I spoke to always says to get "Learn Windows Powershell in 30 Days of Lunches."

    Amazon.com: Learn Windows PowerShell in a Month of Lunches (9781617290213): Don Jones: Books
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,667 Admin
    "In A Month Of Lunches?" I wonder how long the publishing staff had to repeat that series title to themselves before it started to sound good. icon_tongue.gif
  • dbrinkdbrink Member Posts: 180
    the_hutch wrote: »
    Hmm...to be honest, I'm not real familiar with powershell. I've played around a little bit with it, and was pleased to find that it had a very bash-esque approach to navigating the file system on command line. But other than that, I didn't really know it was such a powerful tool...and honestly didn't even realize you could script in powershell. This intrigues me. How do I get started? Anybody have any good resources for learning powershell scripting?

    Pretty much all of Microsoft's administrative GUIs now are just GUI front-ends to Powershell commands. Exchange, Lync, etc all have command shells that have tons of cmdlets for administering the system. There are some tasks that can't be performed in the GUI and can only be done from Powershell. You should check it out, it is a definite time saver.
    Currently Reading: Learn Python The Hard Way
    http://defendyoursystems.blogspot.com/
  • the_hutchthe_hutch Banned Posts: 827
    the_Grinch wrote: »
    Everyone I spoke to always says to get "Learn Windows Powershell in 30 Days of Lunches."

    Amazon.com: Learn Windows PowerShell in a Month of Lunches (9781617290213): Don Jones: Books

    hrmph...no kindle version :-/. Must find other options.
  • ZartanasaurusZartanasaurus Member Posts: 2,008
    ptilsen wrote: »
    Basically everything you'll do in VBScript makes a WMI, LDAP, or API call. PowerShell has the same capabilities, but has many features built into cmdlets to make it easier. The Get-Help cmdlet makes understanding the use of each cmdlet very easy -- frankly, the Get-Help entries are IMO far superior to the average GNU/Linux/UNIX man page. Regex is straightforward, and pretty much everything can be piped
    Plus they alias a lot of their commands to *nix equivalents by default to make those guys comfortable. For instance, I always access the PoSh help system using man.
    Currently reading:
    IPSec VPN Design 44%
    Mastering VMWare vSphere 5​ 42.8%
  • ZartanasaurusZartanasaurus Member Posts: 2,008
    the_hutch wrote: »
    hrmph...no kindle version :-/. Must find other options.
    Available on Safari Books however. Great 1st book in Powershell IMO.
    Currently reading:
    IPSec VPN Design 44%
    Mastering VMWare vSphere 5​ 42.8%
  • ZartanasaurusZartanasaurus Member Posts: 2,008
    JDMurray wrote: »
    "In A Month Of Lunches?" I wonder how long the publishing staff had to repeat that series title to themselves before it started to sound good. icon_tongue.gif
    I think it was meant to be a play on O'Reilly's "In a Nutshell" series. It's the tech equivalent to 6 minute abs.
    Currently reading:
    IPSec VPN Design 44%
    Mastering VMWare vSphere 5​ 42.8%
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,667 Admin
    I was thinking it was a play on the phrase "Lunch and Learn."
  • dmoore44dmoore44 Member Posts: 646
    the_hutch wrote: »
    hrmph...no kindle version :-/. Must find other options.

    See if you can persuade your organization to spring for a Safari Books Online subscription. If your organization tends to buy a lot of reference books, Safari Books Online will save them a lot of money... Safari gets current books pretty quickly so you'll always have up to date info. The subscription is under $500/yr and you get access to all of their books and training videos. You also get a limited number of tokens with which you can download a .pdf/.mobi/.epub version of a book. They also have an offline e-reader app for iPad and Android tabs. It's pretty damn awesome.

    And just so everyone knows, I am not affiliated with Safari Books in any way. I work for the man.
    Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow
  • ZartanasaurusZartanasaurus Member Posts: 2,008
    I haven't used the iPad app, but the Android app has issues. It's better than nothing and great when it works, but it's nowhere near as nice as the Kindle app.
    Currently reading:
    IPSec VPN Design 44%
    Mastering VMWare vSphere 5​ 42.8%
  • the_hutchthe_hutch Banned Posts: 827
    dmoore44 wrote: »
    See if you can persuade your organization to spring for a Safari Books Online subscription. If your organization tends to buy a lot of reference books, Safari Books Online will save them a lot of money... Safari gets current books pretty quickly so you'll always have up to date info. The subscription is under $500/yr and you get access to all of their books and training videos. You also get a limited number of tokens with which you can download a .pdf/.mobi/.epub version of a book. They also have an offline e-reader app for iPad and Android tabs. It's pretty damn awesome.

    And just so everyone knows, I am not affiliated with Safari Books in any way. I work for the man.

    Actually not a bad idea at all. I think I could pitch that pretty well. They are having a lot of trouble getting people to keep up with their continuing education for their 8570 certs (I think only myself and two others in our squadron have completed it). And a big part of the reason behind that is that the only option they have for people (if you are not a cert junky like myself) is ridiculously long and boring CBTs. But I know that most CE programs will honor reading technical books for credit. I think I spin it from that angle, I might be able to get it approved.
  • SephStormSephStorm Member Posts: 1,732
    i realized that I can rarely read books online. Especially if I have to be online to do it. And i have the kindle for pc app which is good, until you need to update and dont have internet access.
  • JayTheCrackerJayTheCracker Member Posts: 169
    python, php, javascript, bash :)
  • QordQord Senior Member Member Posts: 631 ■■■■□□□□□□
    the_hutch wrote: »
    hrmph...no kindle version :-/. Must find other options.
    Hows about right here?
    http://www.techexams.net/blogs/slowhand/72-windows-powershell-resources.html
  • the_hutchthe_hutch Banned Posts: 827
    python, php, javascript, bash :)

    Unfortunately, a plugin is required to get Python running on powershell. Since I work in an organization with a very strict (and fairly dysfunctional) Change Management program, python in powershell is not really an option for me icon_sad.gif
  • crashdumpcrashdump Banned Posts: 134
    rob1234 wrote: »
    Hello,

    From a security point of view what would be the best scritping/programming lanagaue to learn and why?

    Thanks!

    +1 for Java
Sign In or Register to comment.