Python has gained traction as the next most-popular programming language to learn among people who want to break into cyber security as an expert penetration tester, cybersecurity researcher, or ethical hacker. As you can probably tell by the growing popularity of coding boot camps that teach Python as their first programming language, Python is relatively easy to learn and its simple syntax makes it easier to read and understand code written by others. So Is Python good for cyber security or why is Python so popular with cyber security professionals? Let’s take a look at what Python can do and whether or not it’s actually good for cyber security work in 2018.
Is Python good for cyber security?
- Build an understanding of the language
- Learn about OWASP
- Practice coding in Python
- Use GitHub to store your code
- Find a platform that works for you
- Become familiar with Kali Linux
- Consider becoming certified as a penetration tester
- Keep trying new things, there is no best path
Build an understanding of the language
Learning a programming language, like Python, takes time. You’ll need to read books and tutorials to understand how it works; you’ll need to write some programs yourself to really get a feel for how it operates. While there are some quick resources out there that will help you grasp foundational concepts in only hours, you should plan on putting in more time.
It could take weeks or months of daily study—and often times more than just reading about coding—to become an expert coder. If you’re looking at online resources, make sure they come from reputable sources such as universities or government agencies, since these tend to be some of the best and most up-to-date learning materials around.
Learn about OWASP
The Open Web Application Security Project (OWASP) is a global community of professionals and enthusiasts dedicated to making software more secure. Founded in 2001, OWASP’s membership now has 4,000 contributors from over 130 countries. It is probably one of, if not the primary source of online information on web application security today.
There are resources here on everything from code review, testing tools, and frameworks as well as content on user/application interaction, vulnerabilities, and attacks. You can even view numerous guides that outline best practices in development methodology to help ensure you don’t write applications with exploitable flaws!
Practice coding in Python
Coding is one of those skills that you can always practice and get better at. So, if you’re looking to become a programmer or find a new job in computer security (or any other related field), learning how to code in Python is probably a great idea. Many companies use Python as their primary programming language (Google, YouTube, and Dropbox are just a few examples).
It’s not just limited to being used by large corporations either; open-source projects like Linux heavily rely on it. Beyond having general programming skills, knowing how to code in particular languages can help you develop expertise in particular fields and be sought after by hiring managers—that’s why many engineers choose to have specific certifications (like those from Oracle) on their resumes.
Use GitHub to store your code
GitHub offers unlimited private repositories, a nice change from other free code-sharing sites like CodePlex and Google Code. (Those sites limit your storage to 1GB.) And while you can use GitHub free of charge if you’re only going to share public source code, you’ll want to upgrade to a pro account if you intend on collaborating with other coders in private.
The Pro account costs $7 per month or $25 per year. GitHub also provides a lot of great options for collaboration including pull requests, issues, and feature branches as well as full user permissions that allow users/teams to give any Github user access to their repositories.
Find a platform that works for you
With so many programming languages to choose from, it can be hard to decide which one is best. Before you even start writing your script, think about how you want to run your program. Do you want it to live on your computer and function as a stand-alone application, or do you want it to go online and connect with other programs, like a website?
Different languages handle these options differently—some of them are meant more for one style of programming than another. If you’re not sure where to start, check out our guide How To Pick a Programming Language: A Developer’s Guide; it includes details on different kinds of programming languages along with suggestions on how they might work in different scenarios.
Start with checking out the article The Basic Penetration Testing Tutorial by Daniel Miessler from 2014
The fundamental text of hands-on hacking. From there you can either start with python version 2 or python version 3. A good online tutorial that covers various tools in easy to understanding way is Penetration Testing Tutorial: Using Linux, Open Source, and Free Tools By Alexander Dewdney.
Please note that when I say good I mean that it would be helpful to at least understand a bit about penetration testing before starting with computer science (or maybe even earlier). You may have heard about Unix philosophy or Daoism in Chinese philosophy which talks about how everything comes together as one. Maybe something similar could be done with security too – not just ethics but also other fields like economics, psychology, and computer science could be used together without losing focus on one particular field.
Become familiar with Kali Linux
It’s no surprise that learning to use Kali Linux will make you a better computer hacker. The penetration testing distro comes packed with a number of utilities and tools used by security professionals to break into other people’s systems. If you’re just getting started, it helps to learn more about how these tools are intended to be used so you can take full advantage of what Kali has to offer.
Moreover, once you have experience with certain hacking techniques and tools, it makes sense to see if they work on your own systems as well. This is where scanning your network and finding vulnerabilities comes in handy—and these are functions that are typically only available through Kali Linux.
In addition to these specific hacking tools, Kali Linux comes packed with some basic security software that can help you better understand how your system is configured. For example, it’s a good idea to keep track of what devices are connected to your network.
On top of providing valuable insight into who or what is on your local network, tracking devices and users can be an important way to prevent malware from spreading through your network—as well as making sure employees aren’t using corporate resources for personal purposes. Luckily, Kali Linux includes a tool called nmap that makes it easy to see how many devices are connected to any given Wi-Fi network—and you can use it to detect and track both Windows and Mac computers.
Consider becoming certified as a penetration tester
Generally speaking, there are two types of certification: vendor-specific and industry. A vendor-specific certification can only be earned from a particular company, such as (ISC)2 or GIAC. The CISSP is one of these certificates; it is offered by ISC2 and tests your knowledge across multiple platforms. Industry-based certifications, on the other hand, generally test knowledge in general penetration testing topics like SCADA and encryption. If you’re looking to get into penetration testing, consider checking out (ISC)2’s Information Systems Security Certification Consortium (ISC)2 membership program to gain access to their classes or third-party training programs that lead to vendor-specific certifications like CISSP or SSCP.
Keep trying new things, there is no best path
Sometimes it’s hard to know what’s best, especially when we don’t know everything there is to know about a topic. We have our preferences, but that doesn’t necessarily mean we’re right. I think it helps to remember that there are many paths that lead to greatness, and they aren’t all going to look the same. You may be a great programmer, but if you want to make a career out of security, maybe knowing some Python isn’t so bad! 🙂 But hey, try not to spread too much fear uncertainty, and doubt; people like certainty. 😉 Good luck with your decision-making process. I hope things work out well for you no matter what path you choose. 😀