One Article Review
| Source |  Errata Security |
|---|---|
| Identifiant | 1095315 |
| Date de publication | 2019-04-23 00:18:02 (vue: 2019-04-28 12:41:00) |
| Titre | Programming languages infosec professionals should learn |
| Texte | Code is an essential skill of the infosec professional, but there are so many languages to choose from. What language should you learn? As a heavy coder, I thought I'd answer that question, or at least give some perspective.The tl;dr is JavaScript. Whatever other language you learn, you'll also need to learn JavaScript. It's the language of browsers, Word macros, JSON, NodeJS server side, scripting on the command-line, and Electron apps. You'll also need to a bit of bash and/or PowerShell scripting skills, SQL for database queries, and regex for extracting data from text files. Other languages are important as well, Python is very popular for example. Actively avoid C++ and PHP as they are obsolete.Also tl;dr: whatever language you decide to learn, also learn how to use an IDE with visual debugging, rather than just a text editor. That probably means Visual Code from Microsoft. Also, whatever language you learn, stash your code at GitHub.Let's talk in general terms. Here are some types of languages.Unavoidable. As mentioned above, familiarity with JavaScript, bash/Powershell, and SQL are unavoidable. If you are avoiding them, you are doing something wrong.Small scripts. You need to learn at least one language for writing quick-and-dirty command-line scripts to automate tasks or process data. As a tool using animal, this is your basic tool. You are a monkey, this is the stick you use to knock down the banana. Good choices are JavaScript, Python, and Ruby. Some domain-specific languages can also work, like PHP and Lua. Those skilled in bash/PowerShell can do a surprising amount of "programming" tasks in those languages. Old timers use things like PERL or TCL. Sometimes the choice of which language to learn depends upon the vast libraries that come with the languages, especially Python and JavaScript libraries.Development languages. Those scripting languages have grown up into real programming languages, but for the most part, "software development" means languages designed for that task like C, C++, Java, C#, Rust, Go, or Swift.Domain-specific languages. The language Lua is built into nmap, snort, Wireshark, and many games. Ruby is the language of Metasploit. Further afield, you may end up learning languages like R or Matlab. PHP is incredibly important for web development. Mobile apps may need Java, C#, Kotlin, Swift, or Objective-C.As an experienced developer, here are my comments on the various languages, sorted in alphabetic order.bash (and other Unix shells)You have to learn some bash for dealing with the command-line. But it's also a fairly completely programming language. Perusing the scripts in an average Linux distribution, especially some of the older ones, and you'll find that bash makes up a substantial amount of what we think of as the Linux operating system. Actually, it's called bash/Linux.In the Unix world, there are lots of other related shells that aren't bash, which have slightly different syntax. A good example is BusyBox which has "ash". I mention this because my bash skills are rather poor partly because I originally learned "csh" and get my syntax variants confused.As a hard-core developer, I end up just programming in JavaScript or even C rather than trying to create complex bash scripts. But you shouldn't look down on complex bash scripts, because they can do great things. In particular, if you are a pentester, the shell is often the only language you'll get when hacking into a system, sod good bash language skills are a must.CThis is the development language I use the most, simply because I'm an old-time "systems" developer. What "systems programming" means i |
| Envoyé | Oui |
| Condensat | able about above academic adopted after age ago algorithmic all allocation almost also alternative annoyingly anything apple application apps are aren ask attacks available avoid backend backwards based bash/powershell basics became because become becomes before being best better between bought buffer buggy built but c++ called can cause cd/bat certain certainly choice choose choosing code combination command common compatibility competing complete complex complexity computation computers concepts conclusionas constantly content contribute control coroutines craft created dashes data database day days dealing details digits disks documented doesn doing driven easier elegant end enough environment especially essentially evade every everyone everywhere evolution example excellent exceptions excessive exploded expressions fairly familiar familiarity fault feature features field fighting figure file files find finder focus focused franca from full functional future get getting going good great hacker hackers has hate have having heavily highly home however imperative important incorrectly infosec insecure instead interesting isn issue issues java javascript jits jitted just knew know known language languages large largely leaks learn learning least legacy libraries like line lingua list looked lost lot lots machine major makes manual master match matching matter means memory mentioned metasploit more most mozilla multi multicore need needs network new newer next nonsense not note numbers object objective obsolete off often one oriented orphaned other out over overflows paradigm part particular particularly pattern patterns pentesting people perfect personally php plan point poorly popular powershell praise praising problem process processors professionals program programming purpose python pythonthis queries query questions quirky quite read reading real really reason reasons regex regexes regexlike regular remember replacement reviews roll ruby rubyruby rule rust rustrust safe scalable schism scripting scripts security see seems separate seriously server short should shouldn shove simple since slow social solve some somehow something sort specific sql sqlsql standard start stick stop storing structure structures struggle stupid such support support/libraries supports swift swiftback syntax syntaxes systems tables task tasks teaching text than that them then there therefore these thing things those though thus tight tightly tool toolkit tools troublesome two unavoidable unavoidably universities unless unreasonably use used uses v2/v3 variant version view vulnerabilities want war web webassembly weird well what when whenever which will windows within without wonderful work world worth write writing written wrong years you your |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.