Skip to main content
15 answers
18
Asked 807 views Translate

What are the programming languages I should master before entering the workforce as a entry-level penetration tester?

#programming #computer #technology #computer-science #cyber

+25 Karma if successful
From: You
To: Friend
Subject: Career question for you

18

15 answers


4
Updated Translate

Irene’s Answer

If you'd like to be a penetration tester, you have to be good at automating your tests, which means:
* Being comfortable around a command line (e.g. learning Bash scripting would be useful)
* Being comfortable writing scripts. Python is probably the best language for this.

Thank you comment icon Thank you so much! This advice was very helpful! Nievedha
4
1
Updated Translate

Alain’s Answer

In my experience learning one programming language will help you understand and master many cybersecurity tools, processes and tasks. In practice what we use more frequently are scripting languages that help us automate many of the tasks we perform when working on a security review. Scripting languages such as Python, Javascript, Bash, PHP, Pearl and Powershell are powerful tools we use based on the systems reviewed.
1
1
Updated Translate

E’s Answer

If you are set on penetration testing, here are some core skills:

- UNIX command line
- shell scripting, preferably Bash
- automation with Python
- malware analysis - this involves a certain level of familiarity with C and assembly

Beyond just learning a specific language though, you need to build and apply solutions that apply to specific use cases. languages are just a means to an end for this, and many can often do the same task in different ways. So practice makes perfect.
1
1
Updated Translate

Jason’s Answer

All of the other answers here are great places to focus your learning vis-a-vis languages.

To be excellent in a security role, it's most important to learn how the computer works, how it communicates over the network, how the operating system and the software running on it interact and how mistakes and omissions can result in vulnerabilities that can be exploited. It's also important to know how hackers think about those interactions when they're coming up with ways of exploiting flaws.

The programming languages you use then become your means of applying that knowledge to look for those vulnerabilities.

Learning Python, Bash, SQL (and/or other languages) will likely be necessary but not sufficient to be successful.
Thank you comment icon Thank you for letting me know about the various sectors that I would need to know to succeed in security! I really appreciate the detailed and precise explanation! Nievedha
1
Updated Translate

Jeffrey’s Answer

I would suggest Python and/or C++. Very easy to learn.
0
0
Updated Translate

James’s Answer

Python is frequently used in most aspects of penetration testing due to it's versatility. It can be used in network scanning, web fuzzing, exploit development, or any task where repetition is required. It is easy to learn and has abundant learning resources on the internet.

As with every language or skill, you MUST practice. Every single day. Writing small scripts, experiments, failed apps are all your homework. Use CTF challenges (WeChall, OverTheWire, Vulnhub) to practice.

As soon as you walk away from your keyboard, the knowledge will begin to dissipate unless you keep filling it.
Thank you comment icon Thank you so much for the advice! The CTF challenges were definitely something I needed. I did not think of it for practicing my skills! Nievedha
0
0
Updated Translate

James’s Answer

Python is frequently used in most aspects of penetration testing due to it's versatility. It can be used in network scanning, web fuzzing, exploit development, or any task where repetition is required. It is easy to learn and has abundant learning resources on the internet.

As with every language or skill, you MUST practice. Every single day. Writing small scripts, experiments, failed apps are all your homework. Use CTF challenges (WeChall, OverTheWire, Vulnhub) to practice.

As soon as you walk away from your keyboard, the knowledge will begin to dissipate unless you keep filling it.
0
0
Updated Translate

Tina’s Answer

Understanding the basics of programming is key. While there are different languages and ways to script, having a general understanding of the process will take you far regardless. With that said, Python , Bash and PowerShell are all used extensively. Remember that not all pen tests should come from the outside. Internal tests are just as valuable.

0
0
Updated Translate

Glen’s Answer

The most prevalent scripting/programming language today is Python. I would suggest starting with Python because it is very easy to learn and easily understood by humans. It runs on something that simulates a computer called an interpreter. Interpreters analyze and execute Python commands which makes Python very portable and flexible. Yet, at the same time it can be just as powerful as a "classic" Object Orientated Programming (commonly abbreviated with OOP) language like C++.

Many security and pen-testing tools use Python or software such as Ansible which is based on Python. Ansible is a common, open-source software provisioning, configuration management, and application-deployment tool. It maintains a single code base that runs on both Python 2 and Python 3.

In the end, Python is a great choice no matter which language you choose, they are all great paths into the realm of computer science. I hope this was helpful for you and anyone else interested in this area as there are no shortage of opportunities in the security space!
Thank you comment icon Thank you so much! This was a great explanation to what are the various languages needed in security! I did not know about Ansible and this was great information! Nievedha
0
0
Updated Translate

arunie’s Answer

Definitely Python.
Thank you comment icon Thank you Arunie! I do hear that alot! Thanks for confirming it! Nievedha
0
0
Updated Translate

Leslie’s Answer

To add to Irene's answer, as an entry-level pentester, you will need to get comfortable with scripting languages like :

1. Bash scripting (Windows & Linux),
2. Python
3. SQL
4. C
5. Javascript
Most exploits are made available in these languages so you need to be able to at least read the code if necessary. Python is the de-facto language for most exploits, but you will need to know how to read SQL, and C may come in handy when you want smaller executables. Javascript runs on many platforms so it will be a plus.
Thank you comment icon Thank you Leslie! The detailed explanation for each language made me understand better😊 Nievedha
0
0
Updated Translate

Samuel’s Answer

I tell everyone Python. I am actual currently a Blue Team guy but we work a lot with Red team guys and a lot of our job overlaps. Python is just so useful in so many different ways.

Favorite libraries:

pefile
pandas
sklearn
datetime
numpy
0
0
Updated Translate

Tuan’s Answer

As a software quality engineer, I've done many projects on security and using scripting languages. I would recommend learning the following:
1. Python and Javascript
2. C and Java
3. Get very strong with object oriented
4. Selenium
5. Cross site scripting fundamentals
0
Updated Translate

Jeffrey’s Answer

I would suggest Python and/or C++. Very easy to learn.
0
0
Updated Translate

Darin’s Answer

If you want to see some of the popular languages out there look up the TIOBE index. Right now one of the most popular computer languanges is Java
Thank you comment icon Thank you for providing me a reference! I will definitely look it up! Nievedha
0