Programming languages infosec professionals should analyze

Coding is a vital skill for the infosec professional. However, there are so many languages to choose from. What language should you learn? As a heavy coder, I thought I’d answer that question, or at least offer some perspective.

The tl;dr is JavaScript. Whatever other language you learn, you’ll also need to learn JavaScript. It’s the language of browsers, Word macros, JSON, NodeJS server-side, scripting on the command line, and Electron apps. You’ll also need a bit of bash and/or PowerShell scripting skills, and SQL for queries. Other languages are important as well; Python is very popular, for example. Actively avoid C++ and PHP, as they’re obsolete.

Also tl;dr: whatever language you decide to learn, learn how to use an IDE with visual debugging rather than just a text editor. That probably means Visual Code from Microsoft.

Let’s talk in general terms. Here are a few categories of languages.

Unavoidable. As mentioned above, familiarity with JavaScript, bash/PowerShell, and SQL is unavoidable. If you’re avoiding them, you’re doing something wrong.

Small scripts. You need to learn at least one language for writing quick-and-dirty command-line scripts to automate tasks or process data. As a tool-using animal, this is your basic tool. You are a monkey; this is the stick you use to knock down the banana. Good choices are JavaScript, Python, and Ruby. Some domain-specific languages can also work, like PHP and Lua. Those skilled in bash/PowerShell can do a surprising amount of “programming” tasks in those languages. Old-timers use things like Perl or Tcl. Sometimes the choice of which language to learn depends on the extensive libraries that come with the language, especially the Python and JavaScript libraries.

Development languages. Those scripting languages have grown up into real programming languages, but for the most part, “software development” means languages designed for that task, like C, C++, Java, C#, Rust, Go, or Swift.

Domain-specific languages. The language Lua is built into nmap, snort, Wireshark, and many video games. Ruby is the language of Metasploit. Further afield, you may end up learning languages like R or Matlab. PHP is incredibly important for web development. Mobile apps may also need Java, C#, Kotlin, Swift, or Objective-C.

As an experienced developer, here are my comments on the various languages, sorted in alphabetic order.

Bash (and other Unix shells)

You have to learn some bash for dealing with the command line. But it’s also a fairly complete programming language. Peruse the scripts in an average Linux distribution, especially some of the older ones, and you’ll find that bash makes up a significant amount of what we think of as the Linux operating system. Actually, it’s called bash/Linux.

In the Unix world, there are many other related shells that aren’t bash, which have slightly different syntax. A good example is BusyBox, which has “ash.” I mention this because my bash skills are rather poor, partly because I originally learned “csh” and get my syntax variations confused.

As a hard-core developer, I end up just programming in JavaScript or even C rather than trying to create complex bash scripts. But you shouldn’t look down on complex bash scripts, because they can do great things. In particular, if you are a pentester, the shell is often the only language you’ll get when hacking into a system, so good bash language skills are a must.


C

This is the development language I use the most, simply because I’m an old-time “systems” developer. What “systems programming” means is simply that you have manual control over memory, which gives you about 4x performance and better “scalability” (performance doesn’t degrade as much as problems get larger). It’s the language of the operating system kernel and of many libraries within an operating system.

But if you don’t need manual control over memory, you don’t need to use it. Its lack of memory safety, leading to security problems, makes it almost obsolete.


C++

None of the benefits of modern languages like Rust, Java, and C#, but all of C’s problems. It’s an obsolete, legacy language to be avoided.


C#

This is Microsoft’s personal version of Java, designed to be better than Java. It’s an excellent development language for command-line utilities, back-end services, applications on the desktop (even Linux), and mobile apps. If you are working in a Windows environment at all, it’s an excellent choice. If you can at all use C# instead of C++, do so. Also, in the Microsoft world, there is still a lot of VisualBasic. OMG, please avoid that like the plague that it is, burn in a fire burn burn burn, and use C# instead.


Go

Once a corporation reaches a certain size, it develops its own programming language. For Google, their most important language is Go.

Go is a fine language in general, but its main purpose is scalable network programs using goroutines. This does asynchronous user-mode programming in a way that’s most convenient for the programmer. Since Google is all about scalable network services, Go is a perfect fit for them.

I do a lot of scalable network stuff in C because I’m an oldtimer. If that’s something you’re interested in, you should probably pick Go over C.


Java

This gets a bad reputation because it was once designed for browsers. However, it has so many security flaws that it can’t be used in browsers. You still find in-browser apps that use Java, even in infosec products (like consoles). However, it isn’t good for that. If you do this, you’re bad and should feel bad.

But browsers aside, it’s a great development language for command-line utilities, back-end services, apps on desktops, and apps on phones. If you want to write an app that runs on macOS, Windows, and a Raspberry Pi running Linux, this is an excellent choice.


JavaScript

As stated above, you don’t have a choice but to learn this language. One of your basic skills is learning how to open Chrome developer tools and manipulate JavaScript on a web page.

So the question is whether you learn just enough familiarity with the language to hack around with it, or whether you spend the effort to really learn the language to do development or write scripts. I suggest that you should. For one thing, you’ll often encounter weird usages of JavaScript that you are unfamiliar with unless you seriously learn the language, such as jQuery-style constructions that look nothing like what you might’ve originally learned the language for.

JavaScript has actually become a serious app development language with NodeJS and frameworks like Electron. If there’s one language in the world that can do everything, from writing back-end services (NodeJS), desktop applications (Electron), mobile apps (numerous frameworks), quick-and-dirty scripts (NodeJS again), and browser apps, it’s JavaScript. It’s the lingua franca of the world.

Also, remember that your choice of scripting language will often be based on the underlying libraries available. For example, if writing TensorFlow machine-learning programs, you need those libraries available to the language. That’s why JavaScript is popular in the machine-learning field: there are so many libraries available for it.

BTW, “JSON” is also a language, or at least a data format, in its own right. So you have to learn that, too.


Lua

Lua is a language similar to JavaScript in many respects, with the big difference that arrays start with 1 instead of 0. The reason it exists is that it’s straightforward to embed in other programs as their scripting language, is lightweight in terms of memory/CPU, and is ultra-portable almost everywhere.

Thus, you find it embedded in security tools like nmap, snort, and Wireshark. You also see it as the scripting language in popular games. Like Go, it has extremely efficient coroutines, so you see it in the nginx web server, “OpenResty,” for back-end scripting of applications.


PHP

Surprisingly, PHP is a complete programming language. You can use it on the command line to write scripts just like Python or JavaScript. You may have to learn it, because it’s still the most popular language for creating web apps, but learning it well means being able to write back-end scripts in it as well.

However, for writing web apps, it’s obsolete. There are so many unavoidable security problems that you should avoid using it to create new apps. Also, scalability remains difficult. Use NodeJS, OpenResty/Lua, or Ruby instead.


PowerShell

The same comments above that apply to bash also apply to PowerShell, except that PowerShell is Windows.

Windows has two command lines, the older CMD/BAT command line and the newer PowerShell. Anything complex uses PowerShell these days. For pen-testing, there are lots of fairly complete tools for doing interesting things from the command line written in the PowerShell programming language.

Thus, if Windows is in your field, and it almost certainly is, PowerShell needs to be part of your toolkit.


Python

This has become one of the most popular languages, driven by universities that use it heavily as the teaching language for programming concepts. Anything academic, like machine learning, will have great libraries for Python.

A lot of hacker command-line tools are written in Python. Since such tools are often buggy and poorly documented, you’ll end up having to read the code a lot to figure out what is going wrong. Learning to program in Python means being able to contribute to those tools.

Personally, I don’t like the language because of the schism between v2/v3 and the constant struggle. Every language has a problem with evolution and backward compatibility. However, this v2 vs. v3 issue with Python seems particularly troublesome.

Also, Python is slow. That shouldn’t matter in this age of JITs everywhere and things like WebAssembly, but somehow whenever you have an annoyingly slow tool, it’s Python that’s at fault.

Note that whenever I read reviews of programming languages, I see praise for Python’s syntax. This is nonsense. After a short while, the syntax of all programming languages becomes quirky and weird. Most languages these days are multi-paradigm, a combination of imperative, object-oriented, and functional. Most all are JITted. “Syntax” is the least reason to choose a language. Instead, it’s the choice of support/libraries (which are great for Python), or specific features like tight “systems” memory control (like Rust) or scalable coroutines (like Go). Seriously, stop praising the “elegant” and “simple” syntax of languages.


Ruby

Ruby is a great language for writing web apps that makes security easier than with PHP, though it has some problems, like all web apps.

In infosec, the major reason to learn Ruby is Metasploit.

Like Python and JavaScript, it’s also a great command-line scripting language with lots of libraries available. You’ll find it often used in this role.


Rust

Rust is Mozilla’s replacement language for C and especially C++. It supports tight control over memory structures for “systems” programming. However, it is memory safe, so it doesn’t have all those vulnerabilities. One of these days, I’ll stop programming in C and use Rust instead.

The problem with Rust is that it doesn’t have the support that other languages have, like Java or C# for apps, and isn’t as tightly focused on network apps as Go. But as a language, it’s wonderful. In a perfect world, we’d all use JavaScript for scripting tasks and Rust for the back-end work. But in the real world, other languages have better support.


SQL

SQL, “structured query language,” isn’t a programming language as such, but it’s still a language of some sort. It’s something that you unavoidably have to learn.

One of the reasons to learn a programming language is to process data. You can do that within a programming language, but an alternative is to shove the data into a database and then write queries off that database. I have a server at home just for that purpose, with large disks and multicore processors. Instead of storing things as files and writing scripts to process those files, I stick them in tables and write SQL queries off those tables.


Swift

Back in the day, when computers were new, before C++ became the “object oriented” language standard, there was a competing object-oriented version of C called “Objective C.” Because, as everyone knew, object-oriented was the future, NeXT adopted this as their application programming language. Apple bought NeXT, and thus it became Apple’s programming language.

But Objective C lost the object-oriented war to C++ and became an orphaned language. Also, it was silly, essentially two separate language syntaxes fighting for control of your code.

Therefore, a few years ago, Apple created a replacement called Swift, which is largely based on Rust’s model. Like Rust, it’s an excellent “systems” programming language that has more manual control over memory allocation, but without all of the buffer overflows and memory leaks you see in C.

It’s an excellent language, and great when programming in an Apple environment. However, when choosing a “language” that’s not particularly Apple focused, choose Rust instead.


Conclusion

As I stated above, familiarity with JavaScript, bash/PowerShell, and SQL is unavoidable. So start with those. JavaScript in particular has become a lingua franca, able to do, and do well, almost anything you need a language to do these days, so it’s worth getting into the finer details of JavaScript.

However, there’s no One Language to Rule them all. There are good reasons to learn most languages in this list. For some tasks, the support for a certain language is so good it’s just best to learn that language to solve that task. With the academic focus on Python, you’ll find well-written libraries that solve important tasks for you. If you want to work with a language that other people know and can ask questions about, then Python is an excellent choice.
