Results 1 to 9 of 9

Thread: Newbie to programming/linux - which language for security engineer?

  1. #1
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    5

    Talking Newbie to programming/linux - which language for security engineer?

    Hi all,

    First off, great forum! I've been lurking for a while and have played with BT2/3 so firstly thanks to everyone who have already answered my wireless and BackTrack installation questions via the search! :-D Also thanks to all the people who make BackTrack possible - it's an awesome distro although I have reverted to Slack for now to learn the fundamentals.

    Anyway, I am a security engineer (mainly Cisco and Checkpoint) who has plenty of experience working with security hardware. I have designed, installed, broken and fixed a whole range of equipment in my 10 years in networking.

    However, I've always managed to avoid learning how to program! It's got to the stage however that I really should pull my finger out and learn some.

    My questions are:

    Which language is good for a beginner who already works in the security field?

    What kinds of things will programming allow me to do that I can't do already?

    I'm willing to put the hard work in if it will allow me to become better at my job but I'm asking you guys so I can direct my efforts accordingly.

    I feel like a bit of an idiot saying I'm a security guy who can't program and is relatively new to Linux!! lol Most of my work involves the configuration and building of firewall and IPS's and I've never really HAD to learn programming - but I want to. :-)

    Thanks in advance!

    Grafter

  2. #2
    Junior Member 0m3gasw1tch's Avatar
    Join Date
    Feb 2010
    Posts
    25

    Default

    I know exactly your situation!

    I'd start off with a basic scripting language such as Bash to get your head around the basics of programming constructs (loops, if/then, case, etc). From there you could move into Python or Perl. Python is pretty simple to learn, and there are hundreds of great resources out there for free.

    As far as what programming can do for you that you can't already - your imagination is pretty much the limit. You can write some pretty cool tools for security auditing, practise exploiting software (with permission of course), and distributed testing of network objects just for starters. And because languages like Python and Perl are available for just about every platform, your new skills will be transferrable.

    For those who have been in the industry a while, it is interesting how the "security" role has changed (some people I know call themselves security professionals because their role is mainly updating AV definitions and performing routine scans). Don't feel like an idiot now for not getting into programming earlier - plenty of time for that when you're knee deep in home-grown programs that make you're life easier (i.e "Why didn't I start this like 10 years ago)



    Switch

  3. #3
    Just burned his ISO vintage's Avatar
    Join Date
    Jul 2008
    Posts
    20

    Default

    When I first started to write code on Linux I started with Shell Scripting.
    Not sure there's a right way or wrong way to go as all learning is good...I just found it easier with learning Shell first.
    The pure and simple truth is rarely pure and never simple.

  4. #4
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    5

    Default

    Quote Originally Posted by 0megaswitch View Post
    I know exactly your situation!

    I'd start off with a basic scripting language such as Bash to get your head around the basics of programming constructs (loops, if/then, case, etc). From there you could move into Python or Perl. Python is pretty simple to learn, and there are hundreds of great resources out there for free.

    As far as what programming can do for you that you can't already - your imagination is pretty much the limit. You can write some pretty cool tools for security auditing, practise exploiting software (with permission of course), and distributed testing of network objects just for starters. And because languages like Python and Perl are available for just about every platform, your new skills will be transferrable.

    For those who have been in the industry a while, it is interesting how the "security" role has changed (some people I know call themselves security professionals because their role is mainly updating AV definitions and performing routine scans). Don't feel like an idiot now for not getting into programming earlier - plenty of time for that when you're knee deep in home-grown programs that make you're life easier (i.e "Why didn't I start this like 10 years ago)



    Switch
    Bash it is then! Yeah, the security roles seem to be wide and varied. I've worked in networking for quite a while now but I didn't go to university or college where they usually teach some kind of programming language on the course so I've had to learn everything from books/videos/internet.

    In my working environment I'm quite senior but on this forum I feel like a complete newbie! Which is great because that means I have lots of people to learn from!

    Grafter

  5. #5
    Member Oneiroi's Avatar
    Join Date
    Jul 2008
    Posts
    59

    Default

    Bash & PHP are my personal preference.

    C++ is also a good language to know, but I find I only use it rarely now
    ---------

    OSX 10.6
    Advent Vega (Tegra 250)

    Working on getting BT5 working on the Vega

  6. #6
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  7. #7
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    在這兩者之間 BackTrack是4 FwdTrack4
    Posts
    854

    Default

    For an ethical hacker/penetration tester and security engineer.you must be good in *NIX shell programming mainly korne,bash and C shell and PHP script,javascript,SQL,Python,perl,java is most imp. cause most of the attacks today like SQL injection need SQL query knowledege and XSS need Javascript and VBscript knowledege.perl & CGI along with ASP has become main target of web application securities.

    Secure_it
    MS(IT),MCSE:Security,Comptia Security+,CCNA,EC CEH,CCSP,CCIE-Security

  8. #8
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    5

    Default

    Quote Originally Posted by secure_it View Post
    For an ethical hacker/penetration tester and security engineer.you must be good in *NIX shell programming mainly korne,bash and C shell and PHP script,javascript,SQL,Python,perl,java is most imp. cause most of the attacks today like SQL injection need SQL query knowledege and XSS need Javascript and VBscript knowledege.perl & CGI along with ASP has become main target of web application securities.

    Secure_it
    MS(IT),MCSE:Security,Comptia Security+,CCNA,EC CEH,CCSP,CCIE-Security
    How on earth do you find the time to learn and practice everything? I work pretty hard and there still isn't enough hours in the day! I'm doing CCIE Security just now and I'm already CCNP/CCSP/MCSE/CCSE. I've pretty much worked my ass off the past 5 years and yet still don't have a clue about programming.

    At the moment my job is network security consultant but it seems like I have at least another five years on the hamster wheel before I'll be accomplished at what I do. Network Security is a very broad subject to learn and work in, which I suppose, is a good thing!

    I got some bash scripting instructionals so I am going to go through them, make Linux my OS of choice at home for everyday use and make the programming side of things my hobby for now until I can get some commercial experience on it.

    Right now just Linux itself is cheesing me right off but I'll get there eventually and make it my b*tch lol

    How did you find the CCIE Sec btw?

    Grafter

    ps. thanks for all the other replies in the thread

  9. #9
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    在這兩者之間 BackTrack是4 FwdTrack4
    Posts
    854

    Default

    Currently I am also doing CCIE-Security.playing with CISCO NAC,CSMARS On my laptop only.I been able to get them work on my laptop using Recovery ISO of CSMARS and NAC. as well as cisco IPS too.currently I am playing with the source code of IPS 6.1 so that it can be emulate in VMware.i like to do wireless penetration testing a lot.so 2 things all together.network security as well as information/system security.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •