Programming language for network security

There is no defined blueprint on what is the best language to learn. Therefor I would like to mention two good alternatives that I (and many otheres) think is a good languages to learn in computer security.

LUA

Explanation of Lua from wikipedia: Lua is a lightweight multi-paradigm programming language designed as a scripting language with "extensible semantics" as a primary goal.

The reason I mention LUA is a good language to learn is that it is the scripting engine for MANY popular security tools. This is a very good reason alone to learn this language. Some of the langauges include:

  • NMAP (Network mapping tool)
  • Snort (Open source IDS)
  • Wireshark (Packet sniffing tool)
  • Vim (Very popular unix text editor)
  • Cisco ASA (firewall, IPS, VPN)
  • Network services tools (Apache, lightHttpd, FreePop)

On a side note: Even Blizzard major hit World of Warcraft has support for LUA scripting inside the game :) To whomever that may be relevant to.

Python

I am a bit biased on Python after I've started reading the book "Gray Hat Python: Python Programming for Hackers and Reverse Engineers". I agree with many of the points from this book why it is good to learn this langauge for a hacker (commonly known as security specialist :)).

Quoted from Amazon Python is good language to learn because:

it's easy to write quickly, and it has the low-level support and libraries that make hackers happy.

It is also very comfortable to be able to interact on the fly with the interpreter in your Python shell.

Edit: Graphical view of HackerNews polls on favorite/ disliked programming languages: python wins

Edit 2: From Digininjas poll:

Language    Number  Percentage
Python  245 81%
Bash Scripting  241 79%
Ruby    127 42%
C   123 40%
Windows Powershell  111 37%
Batch Scripting 108 36%
PHP 107 35%
C++ 66  22%
Java    65  21%
Perl    57  19%
Other   57  19%
VB  29  10%
C#  26  9%
Lua 23  8%

There is not that sort of connection between programming languages and security, what might be a better way of looking at it is to learn common languages (so java would be a reasonable starting point) as all languages have security problems - you might as well look at security problems on a wide range of web applications and platforms rather than something esoteric.

Understanding network protocols is a good idea, and being able to analyse traffic at layers 1 - 4 can help, but this is broadly language agnostic.

have a good read of the other questions tagged Professional-Education for wider guidance.


Some parts of network security involve fiddling with the small details of TCP/IP packets as they are sent and received; to do that, you need to be able to intercept packets at a low level, and emit handcrafted packets as well (under Linux, for instance, this is known as using a SOCK_RAW socket). Not all programming languages provide usable API for that; knowledge of C is sometimes required to use these features.

Apart from that, any versatile programming language which has no trouble receiving and sending arbitrary bytes will be good for you; Java is fine in that respect.

Tags:

Source Code

Professional Education

Career

Recent Posts