As a new generation filters into the high-tech workplace, many individuals are attracted to the exciting field of cybersecurity.
The idea of being at the forefront of today’s war against cybercriminals combined with the industry-wide skills shortage makes cybersecurity attractive to some of the best and the brightest.
An April 2019 research report by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) indicates that 93% of cybersecurity professionals believe that “Cybersecurity professionals must keep up with their skills or the organizations they work for are at a significant disadvantage against today’s cyber-adversaries.” A skillset deficiency will directly translate into difficulty finding and keeping the most sought-after cybersecurity jobs.
This same report states that “For the third straight year, a majority (63%) of ISSA members do not think that their employer provides the cybersecurity team with the right level of training.” This is a strong indication that attaining and maintaining relevant cybersecurity skills must be accomplished by the individual on their own time and dime.
Computer programming is an elementary building block of computer science. Computer science is the foundation of computer security.
Knowledge of a programming language unlocks the mysteries of how a computer exploit works. In order to discover how an attacker successfully breached a system, a security professional will often need to examine the digital evidence left behind. To make sense of this evidence, an understanding of the language used to create the weapon involved is necessary.
It is recommended that cybersecurity professionals learn at least one object-oriented programming language. Mastering more than one language is better, but a solid understanding of one language can aid in understanding many other languages.
There are an estimated 250 popular computer programming languages and as many as 700 in total used around the world. Below are the ten computer programming languages most relevant to cybersecurity professionals.
These are the languages commonly used by cybercriminals. A good understanding of them will therefore give security professionals who are proficient in one or more of them a significant advantage over those who are not. This list and accompanying descriptions should be used by cybersecurity professionals to determine if their programming skills are up to date and to lay out a course for further career education.
The popularity of a programming language, specifically among bad actors, is an important barometer of whether or not a security professional should invest time and money in learning that language.
Note that this guide discusses C and C++ together, while the TIOBE popularity index addresses them separately. Also, the single outlier that is not included in the index’s top 20 list of popular languages is Lisp.
As the most popular programming language for programmers generally, Java has a lot to offer cybersecurity coders as well. If a coder is focused more on computer or mobile device software development than on web applications, they are likely to improve their employability by acquiring and maintaining knowledge of the Java programming language. Java is a general-purpose language that is designed to require a reduced number of implementation dependencies. The idea is to let application developers write once, run anywhere (WORA). Compiled Java code can run on all platforms that support Java without the need for recompilation. It is one of the most useful programming languages in use today and is structured similarly to C/C++.
Java is an important component of the Android mobile operating system even though there are historic and current legal struggles between Oracle (self-described steward of Java technology) and Google (main contributor and commercial marketer of Android).
Java is important for security practitioners because it is so widely used. A variety of industry sources estimate that over 95 percent of enterprise desktops run Java, and of all computers in the U.S., 88 percent run Java.
The similarities between C/C++ and Java make it a natural proficiency to add for those already knowledgeable in the former. A C/C++ programmer looking to spruce up their cybersecurity resume would do well to learn Java as well.
The C programming language, originally developed at Bell Labs by Dennis Ritchie between 1972 and 1973, is arguably one of the most important programming languages for cybersecurity professionals to master. C++ was created by Bjarne Stroustrup as an extension of the C programming language. Sometimes called “C with Classes,” it is essentially an upgrade to the C programming language. Many millions, or even billions, of devices around the world, including those running Windows, Mac, or Linux operating systems, operate using the C or C++ programming languages. Since C++ is an extension of C, they are sometimes referred to as a single language, namely C/C++.
The historical popularity of these languages fuels the continuing demand for security specialists with a deep knowledge of them. It is commonly accepted that most malware is written in the C/C++ programming languages and they are, therefore, an essential skill for cybersecurity professionals to possess.
Note that C/C++ are not typically used by novice adversaries, commonly referred to as script kiddies. These languages can take years to master. An understanding of C/C++ coupled with knowledge of assembly language gives hackers extensive perspicacity into programs and their memory management.
C/C++ are also important for reading and understanding open source code, which often supports low-level system programs that are critical components of operating systems. Many black hats work with and depend on open source code for their activities.
Growing in popularity among security professionals as well as hackers is the high-level scripting language Python. It can be used for developing desktop GUI applications, websites, and web applications. Aficionados of this language insist the language is, by virtue of its massive community, the best choice for novice bad actors to use. The rationale is that easy access to online help from the community of users is destined to yield methods for a wide range of manipulation that can be used for treacherous purposes.
Since Python is a high-level language it is not comparable with C/C++ for power, detail, and exposure to hardware. Conversely, the readability of the language can provide a reasonable sense of the intended purpose for code written in Python. This makes an understanding of this language useful for cybersecurity pros.
With the benefit of a growing number of libraries, security teams can employ Python to perform malware analysis, create intrusion detection systems, and send TCP packets to machines without third-party tools. This means that they can build programs and automate work in an efficient manner.
These security exploits are becoming more common and more sophisticated. It is becoming more difficult for users to detect the subtle differences between the legitimate site and the imposter.
PHP is a widely used open-source general-purpose scripting server-side language. Many large-scale websites use server-side code to dynamically display information. When needed, data is pulled from a database stored on a server and sent to the client to be displayed.
Perhaps the most notable benefit of server-side code is that it allows for user-specific website content for individual users. Dynamic websites highlight content that is more relevant based on user preferences and habits. It can also make websites easier to use by storing personal preferences and information, for example, reusing stored credit card details to streamline subsequent payments.
PHP powers a huge number of websites including the 75+ million WordPress websites. Some estimate that 80 percent of the web is powered by PHP, including social networks like Facebook, although theirs is a custom version. PHP has risen to popularity because its features make it easy to update a website. PHP’s ease-of-use features also make it more vulnerable to attacks from the outside. As a result, PHP is a particularly important programming language to learn for those wishing to work in cybersecurity.
One of the most common attacks on PHP-based sites is the DDoS (Distributed Denial of Service) attack, which is designed to cripple a website.
Criminals can use PHP to delete all the data on a poorly constructed site. Knowing how to identify and solve these vulnerabilities in PHP code can save an organization’s entire database.
More than one cybersecurity blogger has stated that if a cybersecurity professional can learn only one language and there are other significant determination factors, PHP is likely the best choice.
Structured Query Language (SQL) is used to manage databases and retrieve the data that has been stored in them. A SQL query is a request for some action to be performed on a database. SQL injection (SQLi) is a popular type of security exploit in which the attacker adds SQL code to a web form input box in order to gain unauthorized access to resources or make changes to sensitive data. When executed correctly, an SQLi can expose sensitive intellectual property, personal information of customers, administrative credentials, or private business details.
SQL injection attacks can be used to target any application that uses a SQL database, with websites being the most common victim. Common SQL databases include MySQL, Oracle and SQL Server. With SQL injection, cybercriminals are able to make queries and get access to almost any data they want. This can result in the loss of passwords, bank account information, social security numbers, addresses, and much more.
An understanding of SQL, its legitimate uses, and how SQL injection is used to manipulate websites is critical for cybersecurity professionals. SQLi is one of the top threats to web application security. Security defenders, as well as pen-testers, will greatly benefit from the mastery of SQL.
Swift is a general-purpose, multi-paradigm, compiled programming language developed by Apple Inc. for iOS, iPadOS, macOS, watchOS, tvOS, Linux, and z/OS. It was introduced at Apple’s 2014 Worldwide Developers Conference and was officially released in September 2019.
Swift is an interactive programming language that combines modern language thinking with wisdom from the wider Apple engineering culture and the diverse contributions from its open-source community.
Due to its increasing popularity among programmers, both legitimate and illegitimate, combined with the fact that mobile devices represent the single fastest-growing attack surface, Swift programming language is a good candidate for any cybersecurity practitioner to learn. This is especially true for those focused on development and security for the various Apple products and operating systems.
Ruby is an interpreted, high-level, general-purpose programming language. It was designed and developed in the mid-1990s by Yukihiro “Matz” Matsumoto in Japan. The syntax of Ruby is broadly similar to that of Perl and Python. It was written in the C language. Frequent users laud its ease of use and innate ability to maintain large code projects. Reports indicate that Ruby is used widely for websites such as Airbnb, Hulu, Kickstarter, and GitHub.
Ruby is attractive to beginning programmers and is therefore attractive to new hackers as well.
This easy-to-use and easy-to-learn programming language could be a great additional language to learn in an effort to enhance a cybersecurity resume.
Perl is a general-purpose programming language originally developed for text manipulation and now used for a wide range of tasks including system administration, web development, network programming, GUI development, and more. It is an interpreted language, which means that code can be run as-is, without a compilation stage that creates a non-portable executable program.
Perl is generally considered an easy language to learn. While it is not nearly as readable as Python, it borrows syntax from various programming languages like C. It is, therefore, popular with programmers proficient in those languages.
While it is an older language and is often positioned as a rival to Python, Perl is particularly useful for security practitioners because it was used in a wide range of legacy computer systems. These same systems are often the target of bad actors.
Originally specified in 1958, Lisp is the second-oldest high-level programming language in widespread use today. Only Fortran is older, by one year. Due to the difficulty programmers often have in mastering it, Lisp is not a popular language. It is, however, extremely powerful.
Lisp would not ordinarily be recommended as a candidate for a new programmer’s first language but is a good choice for a veteran programmer looking to add a powerful tool to their arsenal.
Concluding coding for cybersecurity
Cybersecurity is not simply knowing about potential vulnerabilities and how to correct them. It is much more than that. A successful cybersecurity practitioner will need to learn to think like a hacker. Intimate knowledge of the hacker’s programming tools will enable a defender to anticipate the overall strategy and the employed tactics of the attacker. The ability to quickly identify the adversary’s methods and thereby predict his goal will enable security to defend more successfully.
For aspiring penetration testers, learning a programming language will improve their understanding of where flaws might exist in code and how to exploit them. Without a sound knowledge of programming principles, it would be impossible to identify faulty code or conduct a meaningful penetration test.
For incident responder hopefuls, the ability to investigate breaches, analyze malware, and reverse engineer attack tools will help them surface to the top of their field.
A risk specialist will benefit from learning to code through an increased ability to understand and apply mitigation techniques and solve complicated software-related problems.
With so many programming languages to choose from, how can a cybersecurity professional, or someone aspiring to a career in cybersecurity, make a reasonable decision about what language(s) to learn?
Hopefully, this guide will illuminate the available options and order them into a useable perspective. The two most salient considerations for making this choice are what language will enhance the ability to create strong defenses and, second, what tools are the adversaries using to create their weapons.
Which language will allow the security professional to create strong defenses will, in large part, be determined or influenced by the standards established by their employer. Security programming is done in a team environment. The defensive tools needed in today’s threat-laden cyber landscape are both sophisticated and flexible. While custom solutions are sometimes developed internally for large enterprises, most are created by vendors that supply security tools to the industry at large.
Learning which language will best equip a security professional to recognize, reverse engineer, or protect against cyber weapons deployed against their specific system is accomplished, in large part, by collaboration with their peers.
Each specific role under the larger umbrella of cybersecurity will likely profit from the knowledge of a different programming language. For example, a software malware analyst may need to be proficient in C in order to analyze viral code and assess what it does without running it. A network security architect may find more need for the power of Lisp in defense of the enterprise’s networks. A website security analyst might benefit from a knowledge of PHP.
If hoping to move up within their existing employer’s organization, the best choice for learning or adding a programming language should be self-evident. The organization’s security leaders will clearly understand what language will be most useful. Alternatively, if looking for a career change outside of their existing employer, a search of a tech job board will likely yield a clear understanding of what specific programming language is required for the desired cybersecurity position.