Solved

What is the best scripting language to pick up for work in info security?

Posted on 2010-08-31
7
705 Views
Last Modified: 2012-05-10
I work currently work with mostly windows environments and have some experience with batch scripting, powershell and vbscript.  I have a strong focus on network security and am trying to move more towards the penetration testing career path.  I am looking for a good language to pick up.  I haven't worked with either, but I have heard both pearl and python are good choices.  I did some .net work in college years ago, but most of that knowledge is long gone as I haven't really needed it network administration.  Any advice suggestions are appreciated.

Thanks
0
Comment
Question by:childersj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 2

Accepted Solution

by:
jtokarchuk earned 167 total points
ID: 33573146
You want Ruby, because it's the native language for Metasploit, which is the de facto standard open source penetration testing framework. Ruby's going to give you:

Metasploit's framework, opcode and shellcode databases
Metasploit's Ruby lorcon bindings for raw 802.11 work
Metasploit's KARMA bindings for 802.11 clientside redirection

Distorm for x86 disassembly

Second place to Python. There are more pentesting libraries available in Python than in Ruby (but not enough to offset Metasploit). Commercial tools support Python as well.

Python:

Twisted for network access

PaiMei for program tracing and programmable debugging

CANVAS and Impact support

Dornseif's firewire libraries for remote debugging

Ready integration with WinDbg for remote Windows kernel debugging (there's still no good answer in Ruby for kernel debugging, which is why I still occasionally use Python).

Peach Fuzzer and Sully for fuzzing

SpikeProxy for web penetration testing (also, OWASP Pantera).

0
 
LVL 4

Assisted Solution

by:mhenry20
mhenry20 earned 167 total points
ID: 33573150
A lot of pen testing uses linux variations.  You definitely need Perl.  I would also get fluent on linux shell scripting.  Perl is good because it gives you direct access to network streams.  C might also be a good choice to brush up on.  A little knowledge of a lot of languages such as PHP, Java, Ajax and so on would be usefull so that you understand the actual problems with certain type of coding.

You could look at some packages like metasploit and nessus to see what they use for coding.

Good luck.  That is certainly a career path that will active for a while.
0
 
LVL 4

Expert Comment

by:illhelpu
ID: 33573251
I would say C#/++ and Java but honestly it just depends on what you will be working to secure.
0
Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 33573683
If you are planning to work for a pen testing company, the answer might be "everything" including some assembler.
0
 
LVL 13

Assisted Solution

by:p_nuts
p_nuts earned 166 total points
ID: 33574309
if you are going for penetration testing I would start with learning:

(ofcourse if you don't know it already)

- networking
- linux
- Python or c++

if you want to do network penetration that should be a good start

if you want to do windows .net and c# would both be good too.

if you learn c++ you will automatically get a whole bunch of programming languages that are very similar to it. like php etc..

also have a look at De-ICE they have pentest LiveCD's which can boot a machine and give you a whole set of tools to do pentests.
http://www.de-ice.net/

then there are the certification routes you could follow if you want to get a job in the security area..
CISSP Certified Information Systems Security Professional
CEH  Certified Ethical Hacker
CHFI Computer hacking forensic Investigator

but those don't come cheap.




0
 

Author Comment

by:childersj
ID: 33577896
Yeah as I mentioned it has been years since I did any significant programming and for the most part the knowledge is gone.  Conceptual stuff I still understand, but actual ability to do a lot I will have to relearn.  Networking I know very well so that isn't an issue.  As far certs go, I actually have been working on the CISSP for about six months and intend to sit the exam later in the month.  I've used backtrack for testing for a few years now and have a little experience with metasploit from a graduate class I took.

I appreciate all of the input from everyone.  I may look at starting with Perl or Ruby (I don't honestly know all that much about Ruby), then talk about attacking something like python after I build up the other skills.

Thanks!
0
 
LVL 13

Expert Comment

by:p_nuts
ID: 33592789
to be honest most language are close and syntax can be googled..

also think what you'll be pentesting. that help to define the learning curve and path.

a good idea about encryption helps too
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Starting up a Project

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question