Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Best Programming Language
From: Zack Payton <zpayton () gmail com>
Date: Thu, 29 Oct 2009 06:10:24 -0400

Right tools for the job:
Perl: is good for quick and dirty but can quickly get unwieldy.  If
you expect your project to grow more than 100 lines, I would recommend
going with a language that offers inherent object oriented
capabilities such as c++/python/ruby.  Most projects shouldn't need to
grow larger than that anyhow because CPAN is just awesome.

Python: easy to use, easy to pick up, massively scalable.  Whitespace
rules for code blocks are frustrating until you get your IDE set up
right.  A lot of modules but because it's really a thin layer above C,
a lot of these modules aren't portable or centrally distributed.  A
lot more ad-hoc.  Very good language if you expect more than one
developer from different backgrounds.  As opposed to perls (there's
more than one way to do it) philosophy, python enforces code clarity
by practicing a philosophy of there should be one right and proper way
to do things.  This is good because programmers from various
backgrounds can end up reading each others code (i.e. some domain
expert who just picked up python to work with the programmer who comes
from a systems background).  Interactive prompt, excellent for
learning.  Great first language.

Ruby: descended from perl but pure Object Oriented (OO).  Centralized
library repository similar to CPAN (gem).  Sweet language, slower than
python (sometimes dramatically), but very versatile.  Syntax is
beautiful though.

C: dangerous as fuck.  I know people that have been programming in C
since it was invented that still haven't mastered the language.  Very
flexible though, you have to manage all the memory yourself.  Very
fast.  Easy to create create a security mistake that can easily lead
to your entire system being compromised.  Very good for high speed
networking tools.  Compiled rather than interpreted, so the
development cycle has the extra steps of compiling/linking which is
slightly more time consuming.  You have to roll your own memory
management which is good because you have precise control over just
how much memory you consume, bad because it is easy to mess up.
People writing in C generally spend their time dealing with the
semantics of the language and compiler warnings rather than actually
focusing on the task at hand.

C++:  C with OO, better large project management with the speed of C.

SQL: used with almost all databases, definitely worth knowing.

Assembly:  as fast and tight as you're going to get but highly
hardware dependent.  Generally used for optimizing specific parts of
programs or for writing micro (or not so micro) injectable shellcode.

Javascript:  the language of the web, worth knowing for most browser
based projects.

C#:  Great for rapid development in Microsoft environments and on MONO.

There is no best, there is only a best within your context.
My 2 cents,
Z



On Wed, Oct 28, 2009 at 2:51 PM, Derek Fountain
<derekfountain () yahoo co uk> wrote:
david lodge wrote:

[*] perl is sort of a poor man's awk/shell bastard mix with libraries
added, the libraries are pretty much all that saves it being consigned
to the wastebin of history.

Perl isn't a poor man's anything. It's got a massive feature set before you
start to look at the libraries. It's very quick to develop with, very
flexible and cross platform. It's a great language for security work: it's
network access functions are excellent, low level right through to high
level. It's got great HTTP, SQL and sysadmin facilities. Loads of exploits
are written with it and it's perfect for knocking up quick, automated custom
tests and attacks.

David, if you don't like Perl that's fine, but stating your rather extreme
opinions as facts to people asking for advice really isn't fair, either on
the language or the person asking for advice.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Re: Best Programming Language Zack Payton (Nov 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]