Solved

What is the best scripting language to pick up for work in info security?

Posted on 2010-08-31
Last Modified: 2012-05-10
I currently work with mostly Windows environments and have some experience with batch scripting, PowerShell and VBScript.  I have a strong focus on network security and am trying to move more towards the penetration testing career path.  I am looking for a good language to pick up.  I haven't worked with either, but I have heard both Perl and Python are good choices.  I did some .NET work in college years ago, but most of that knowledge is long gone as I haven't really needed it in network administration.  Any advice or suggestions are appreciated.

Thanks
Question by:childersj
7 Comments
 
LVL 2

Accepted Solution

by:
jtokarchuk earned 167 total points
ID: 33573146
You want Ruby, because it's the native language for Metasploit, which is the de facto standard open source penetration testing framework. Ruby's going to give you:

- Metasploit's framework, opcode and shellcode databases
- Metasploit's Ruby lorcon bindings for raw 802.11 work
- Metasploit's KARMA bindings for 802.11 clientside redirection
- Distorm for x86 disassembly

Second place to Python. There are more pentesting libraries available in Python than in Ruby (but not enough to offset Metasploit). Commercial tools support Python as well.

Python:

- Twisted for network access
- PaiMei for program tracing and programmable debugging
- CANVAS and Impact support
- Dornseif's firewire libraries for remote debugging
- Ready integration with WinDbg for remote Windows kernel debugging (there's still no good answer in Ruby for kernel debugging, which is why I still occasionally use Python).
- Peach Fuzzer and Sulley for fuzzing
- SpikeProxy for web penetration testing (also, OWASP Pantera).

0
 
LVL 4

Assisted Solution

by:mhenry20
mhenry20 earned 167 total points
ID: 33573150
A lot of pen testing uses Linux variations.  You definitely need Perl.  I would also get fluent in Linux shell scripting.  Perl is good because it gives you direct access to network streams.  C might also be a good choice to brush up on.  A little knowledge of a lot of languages such as PHP, Java, Ajax and so on would be useful so that you understand the actual problems with certain types of coding.

You could look at some packages like Metasploit and Nessus to see what they use for coding.

Good luck.  That is certainly a career path that will be active for a while.
0
 
LVL 4

Expert Comment

by:illhelpu
ID: 33573251
I would say C#/++ and Java but honestly it just depends on what you will be working to secure.
0

 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 33573683
If you are planning to work for a pen testing company, the answer might be "everything" including some assembler.
0
 
LVL 13

Assisted Solution

by:p_nuts
p_nuts earned 166 total points
ID: 33574309
If you are going for penetration testing I would start with learning:

(of course, if you don't know it already)

- networking
- Linux
- Python or C++

If you want to do network penetration, that should be a good start.

If you want to do Windows, .NET and C# would both be good too.

If you learn C++ you will automatically get a whole bunch of programming languages that are very similar to it, like PHP etc.

Also have a look at De-ICE. They have pentest LiveCDs which can boot a machine and give you a whole set of tools to do pentests.
http://www.de-ice.net/

Then there are the certification routes you could follow if you want to get a job in the security area:

- CISSP: Certified Information Systems Security Professional
- CEH: Certified Ethical Hacker
- CHFI: Computer Hacking Forensic Investigator

But those don't come cheap.




0
 

Author Comment

by:childersj
ID: 33577896
Yeah, as I mentioned, it has been years since I did any significant programming and for the most part the knowledge is gone.  Conceptual stuff I still understand, but actual ability to do a lot I will have to relearn.  Networking I know very well so that isn't an issue.  As far as certs go, I actually have been working on the CISSP for about six months and intend to sit the exam later in the month.  I've used BackTrack for testing for a few years now and have a little experience with Metasploit from a graduate class I took.

I appreciate all of the input from everyone.  I may look at starting with Perl or Ruby (I don't honestly know all that much about Ruby), then talk about attacking something like Python after I build up the other skills.

Thanks!
0
 
LVL 13

Expert Comment

by:p_nuts
ID: 33592789
To be honest, most languages are close and syntax can be googled.

Also think about what you'll be pentesting. That helps to define the learning curve and path.

A good idea about encryption helps too.
0
