Penetration Testing mailing list archives
Re: Best Programming Language
From: Zack Payton <zpayton () gmail com>
Date: Thu, 29 Oct 2009 06:10:24 -0400
Right tools for the job:

Perl: is good for quick and dirty but can quickly get unwieldy. If you expect your project to grow more than 100 lines, I would recommend going with a language that offers inherent object oriented capabilities such as c++/python/ruby. Most projects shouldn't need to grow larger than that anyhow because CPAN is just awesome.

Python: easy to use, easy to pick up, massively scalable. Whitespace rules for code blocks are frustrating until you get your IDE set up right. A lot of modules but because it's really a thin layer above C, a lot of these modules aren't portable or centrally distributed. A lot more ad-hoc. Very good language if you expect more than one developer from different backgrounds. As opposed to perl's (there's more than one way to do it) philosophy, python enforces code clarity by practicing a philosophy of there should be one right and proper way to do things. This is good because programmers from various backgrounds can end up reading each other's code (i.e. some domain expert who just picked up python to work with the programmer who comes from a systems background). Interactive prompt, excellent for learning. Great first language.

Ruby: descended from perl but pure Object Oriented (OO). Centralized library repository similar to CPAN (gem). Sweet language, slower than python (sometimes dramatically), but very versatile. Syntax is beautiful though.

C: dangerous as fuck. I know people that have been programming in C since it was invented that still haven't mastered the language. Very flexible though, you have to manage all the memory yourself. Very fast. Easy to create a security mistake that can easily lead to your entire system being compromised. Very good for high speed networking tools. Compiled rather than interpreted, so the development cycle has the extra steps of compiling/linking which is slightly more time consuming. You have to roll your own memory management which is good because you have precise control over just how much memory you consume, bad because it is easy to mess up. People writing in C generally spend their time dealing with the semantics of the language and compiler warnings rather than actually focusing on the task at hand.

C++: C with OO, better large project management with the speed of C.

SQL: used with almost all databases, definitely worth knowing.

Assembly: as fast and tight as you're going to get but highly hardware dependent. Generally used for optimizing specific parts of programs or for writing micro (or not so micro) injectable shellcode.

Javascript: the language of the web, worth knowing for most browser based projects.

C#: Great for rapid development in Microsoft environments and on MONO.

There is no best, there is only a best within your context.

My 2 cents,
Z

On Wed, Oct 28, 2009 at 2:51 PM, Derek Fountain <derekfountain () yahoo co uk> wrote:
david lodge wrote:

[*] perl is sort of a poor man's awk/shell bastard mix with libraries added, the libraries are pretty much all that saves it being consigned to the wastebin of history.

Perl isn't a poor man's anything. It's got a massive feature set before you start to look at the libraries. It's very quick to develop with, very flexible and cross platform. It's a great language for security work: its network access functions are excellent, low level right through to high level. It's got great HTTP, SQL and sysadmin facilities. Loads of exploits are written with it and it's perfect for knocking up quick, automated custom tests and attacks.

David, if you don't like Perl that's fine, but stating your rather extreme opinions as facts to people asking for advice really isn't fair, either on the language or the person asking for advice.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------