If you’re starting out in cybersecurity, probably the first thing you notice is the wide range of areas of specialization that are open to you as a cyber professional. In this article, I want to cover a very important technical area of cybersecurity that is often overlooked, which is computer programming, or coding.
Which programming languages are best to learn for cybersecurity? Having an understanding of programming or coding can be very helpful for cybersecurity professionals. Languages such as Python, C and C++, JavaScript, and even assembly language will help a cybersecurity professional on the job.
I know that programming is one of those subjects that tends to make complete beginners (myself included) panic, but with patience and dedication, a good understanding of any one of these five programming languages will give you a marketable edge when you’re applying for a cybersecurity position.
Why Learning Programming is Important for Cybersecurity
While it would be impossible for any one person to fill all the roles that make an effective cyber team, it is important for all professionals to have a general knowledge of computer technology. This general knowledge is invaluable in understanding the threats you may come into contact with during your career.
Cyber attacks are not limited to any one type and range from social engineering attacks to SQL injections. As a cyber professional it is important for you to recognize both the causes and symptoms of whatever threat you face. Consequently, while employers may not require that you know how to code, having coding knowledge can really give you an advantage on the job. Coding knowledge can give you the insight you need to recognize what a piece of software is doing, and even if it’s malicious code or not. This is why so many cybersecurity educational programs recognize the necessity of programming and introduce their students to at least an introductory course.
A highly marketable career field in and of itself, programming has the added bonus of rounding out a basic understanding of how computer programs function. For a cybersecurity professional, understanding a programming language can be an invaluable resource in recognizing vulnerabilities in a particular application and how an attacker could exploit those vulnerabilities.
However, no one programming language will provide a comprehensive understanding of every application-level and hardware weakness. For instance, an understanding of C can enable you to spot buffer overflow vulnerabilities in systems software. Familiarity with Perl can assist you in testing applications for errors. Proficiency in JavaScript can be useful in identifying security issues in web applications. And knowing SQL will help you prevent Structured Query Language injection (SQLi) attacks, a specific type of cyber attack that allows an attacker to manipulate SQL statements and penetrate a secure, SQL based database. Learn more about coding’s role in cybersecurity in our article here.
What You Need to Know About Programming Languages
Programming languages are usually divided into two groups: high-level and low-level. While high-level programming languages are generally considered easier to learn, low-level languages provide the groundwork for operating systems and other important computer functions. For example, C is the coding language behind the Windows operating system. The language you choose to learn really depends on what you intend to achieve. Below are my top five programming languages for cybersecurity professionals:
Cyber Programming Language #1 – C
Developed in 1972, C is still one of the most in-demand programming languages. Other popular, but more modern languages like JavaScript and Python borrow from C’s original syntax. As a system programming language, C has been used in developing some of the most popular operating systems, including Linux, Mac, and Microsoft Windows.
C is one of the most versatile programming languages, which can provide some low-level functionality to users. “Low-level” functionality just means that a programmer can operate at the bit-level, interact with a computer’s memory and CPU registers directly, and perform other hardware-specific tasks that high-level languages don’t directly interact with (whether C is really considered a high-level or low-level language is contextual, as C has a lot of flexibility and it depends on the situation you’re using it for.) Regardless, C gives programmers an extraordinary amount of power over a computer’s functions, and an understanding of C necessarily implies a better understanding of just how all the pieces in a computer work together.
The C Programming Language in Cybersecurity
From a cybersecurity perspective, an attacker who is proficient in C could manipulate all kinds of vulnerabilities in a computer’s system – which makes it equally important for cyber professionals to be able to identify these weaknesses themselves and know how to counter them. And since C is the basis for so many operating systems, there are a substantial amount of attacks that are going after targets that are written in C.
Here’s an example of programming syntax in C. If you choose to study any programming language, “Hello world!” is the introductory command that we all learn to love.
#include <stdio.h>
void main(void)
{
printf(“hello, world!\n”);
}
Cyber Programming Language #2 – C++
First developed in 1985 and closely resembling C in syntax, C++ is considered a general-purpose programming language. While C is a lower level language, C++ is extremely useful in developing powerful applications like video games, designing gaming engines, and programming CPU-specific functions. If you’re interested in game design you may notice that popular game companies like Bethesda and Rockstar frequently require that their programmers be proficient in C++ and/or C#.
The C++ Programming Language in Cybersecurity
For cybersecurity professionals, according to the National Initiative for Cybersecurity Careers and Studies, “C++ is a powerful programming language which gives intimate access to a machine’s inner workings.” Since “these features can be manipulated to exploit a program as a security flaw,” proficiency in C++ makes you as a cyber professional better equipped to recognize and fix these kinds of application-level vulnerabilities.
But be warned. Just because C++ is a more modern language doesn’t mean it’s easier to learn than C. In fact, the two languages are so closely related that they are both infamously difficult for beginners. Cryptography, error handling, and other security features are all available in C++, but this valuable language requires dedication and hard work to master. Here’s an example of some code in C++.
#include<iostream>
int main()
{
std::cout <<“Hello, world!\n”;
}
Cyber Programming Language #3 – Python
While Python is general-purpose like C++, it has the added benefit of also being high-level. High-level means more user-friendly, replacing cryptic terms with keywords that frankly make more sense to human minds.
Python, developed in 1991, is technically speaking a scripting language instead of a programming language (a programming language uses a compiler that translates an entire program directly into machine code, a scripting language uses an interpreter to translate one line at a time). The difference between scripting and programming languages is subtle enough to not really matter in our discussion here, but you will certainly hear the term scripting in your cybersecurity study and careers.
Python is used to develop applications, both web-based and software-based, and while it is not as useful as C in accessing low-level computer functions, it nonetheless is increasingly in-demand for web applications, GUIs, network programming, and other important tech features.
The Python Programming Language in Cybersecurity
Python has the added bonus of being “one of the most sought-after programming languages for cybersecurity,” and the NICCS recognizes Python as useful “in a variety of information security areas.” Python provides users with libraries full of ready-made functions that make creating applications much easier than starting from scratch. With Python, you as a cybersecurity professional can develop your own analysis tools and hacking scripts, and design secure programs. See our article dedicated to Python in Cybersecurity here.
Python does not require users to learn how a computer functions at the lowest level, but its versatility as a language is undeniable. Here’s our old example of “Hello world!” using Python. Look at the examples for C and C++. See the difference?
print(“Hello world!”)
Cyber Programming Language #4 – JavaScript
If you’re interested in secure web design, JavaScript should be your first choice. Like Python, JavaScript is considered a scripting language instead of a programming language, and is primarily used for designing interactive web pages and mobile and web apps. While it is a high-level language, JavaScript doesn’t have the general usage that Python, C, and C++ provide, but in an increasingly online environment it can be equally important.
The JavaScript Programming Language in Cybersecurity
Especially from a security standpoint, familiarity with JavaScript can help you identify weaknesses in web design that can be exploited by attackers. In some cases, JavaScript can even be manipulated by an attacker, enabling them to gather information about users or access web features that are confidential (this kind of attack is known as cross-site scripting).
It is critical for cyber professionals to recognize areas in web design that can be exploited by a malicious actor, and proficiency in JavaScript will help you identify and solve these types of security flaws. Web-related cyber attacks are on the rise, and JavaScript vulnerabilities are a primary target. Here is an example of basic JavaScript code:
console.log(“Hello world!”);
Cyber Programming Language #5 – Assembly
No, this isn’t a joke. Assembly language (or assembler language) is the lowest low-level programming language out there that a human can recognize and work with. It is, essentially, the closest language to actual machine code without strictly using the binary 0s and 1s, and that makes it pretty amazing.
Assembly has the downside of being device-specific, so depending on the architecture you are using the specifics of the language are liable to change – but if you know assembly, you have a solid, inside-out understanding of your computer.
Assembly lets you interact with specific memory locations and computer registers, and gives you an insane amount of control over your hardware. Add to that the fact that assembly just looks insane. Here is our example of “Hello world!” in NASM (Netwide Assembler) language, where you have to specify the address for your output and the exact number of bytes that you want reserved for the program. NASM is used in Linux-based systems – again, the exact type of assembly that you will use depends on your own system.
global _start
section .text
_start: mov rax, 1
mov rdi, 1
mov rsi, message
mov rdx, 13
syscall
mov rax, 60
xor rdi, rdi
syscall
section .data
message: db “Hello world!”, 10
Assembly Language in Cybersecurity
The advantages of knowing how to code in assembly are obvious for cybersecurity professionals. Just imagine how bad it would be if an attacker had this level of understanding and was able to manipulate your system on the byte level. Assembly is probably the most terrifying of all the computer languages, but if you put in the time to master it, you will have a great in-depth understanding of the machine you are defending.
Where Should You Start?
While the choice ultimately lies with you, my personal recommendation for most beginners of coding is to start with Python. When I started studying cybersecurity, I had pretty much no background at all in computers. I tried learning several languages, but all of them were extremely difficult for me until I started Python.
Python is a simple, powerful language that has a more intuitive syntax than the other languages. With Python as a starting point, the idiosyncrasies of the other languages will begin to make more sense.
Also, according to Indeed.com, the current average Python developer salary is $118,253. That’s not bad.
