Whether you’re in the game of automation/scripting or software engineering, there’s a typical question that you’ll ask yourself.
“Why this language?”
The answer could be a combination of things. Sometimes it’s proper libraries for what you’re trying to build. Other times it’s what the team is comfortable with. All said and done, a programming language is a tool. Unless there’s a dedicated/specific reason (like using C to build a distributed system instead of JavaScript), the language rarely matters.
In cyber security, it’s the same. However, the cyber community has shifted towards Python.
In this blog post, you’ll learn why.
Ease Of Use
There are three pieces to the “why” behind Python being chosen for security.
- Use
- Libraries
- Available knowledge
Python has a reputation of being an easy programming language to use. No programming is easy, but it may have gotten this reputation due to the sheer number of people using it (it’s still the most popular language) and the available resources (due to it being so popular).
As a software engineer, someone can practically use any programming language and have a solid understanding of what’s going on. It’s like if you speak Spanish and you’re learning English - “hi” is still “hi”, it’s just said differently. Same rules apply for coding.
If you aren’t a senior/principal level developer (the majority of cyber security folks aren’t), then you need a language that you can “pick up and put down” quickly. That’s what Python gives you.
Available Libraries
If you’re scripting, you’ll want quick and easy libraries to use that are ideally part of the language. Standard libraries come with the language and third-party libraries are downloaded later.
💡 Most of the time, though not always, it’s best to use standard libraries. If you fill your software with a bunch of libraries that aren’t “official”, you never know when support for them will stop.
If you’re doing AppSec (by scripting automation tools), you’ll want things like security linters and available libraries (like the SonarQube client library) to write tools for finding vulnerabilities.
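As an added example (not from the original post), here is a minimal security linter of the kind an AppSec scripter might write, using only the standard-library `ast` module. The rule set, function names and sample snippet are constructed for illustration.

```python
import ast

# Call names this sketch flags, with the reason reported to the user.
RISKY_CALLS = {
    "eval": "evaluates a string as code",
    "exec": "executes a string as code",
    "pickle.loads": "deserializing untrusted data can run code",
    "os.system": "runs a command line through the shell",
}

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def lint(source, filename="<input>"):
    """Return sorted (line, message) findings for one Python source string."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        name = dotted_name(node.func)
        if name in RISKY_CALLS:
            findings.append((node.lineno, f"{name}: {RISKY_CALLS[name]}"))
        # subprocess.* called with the literal keyword shell=True
        shell = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True for kw in node.keywords)
        if name and name.startswith("subprocess.") and shell:
            findings.append((node.lineno, f"{name}: shell=True"))
    return sorted(findings)

# Constructed sample input, not taken from any real project.
SAMPLE = '''import os, pickle, subprocess
def load(blob):
    return pickle.loads(blob)
def ping(host):
    os.system("ping -c 1 " + host)
    subprocess.run("ping -c 1 " + host, shell=True)
    subprocess.run(["ping", "-c", "1", host])
'''

if __name__ == "__main__":
    for line, message in lint(SAMPLE):
        print(f"<sample>:{line}: {message}")
```

The argument-list form of `subprocess.run` on the last sample line is not flagged, because no shell parses the host string.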
If you’re conducting network security testing, you’ll be thinking to yourself “I need to access networks without having to jump through a million hops”, so you’ll want some standard libraries like socket in Python to help out.
The point is that available libraries are key to how you can use a programming language to get the job done. This is of course even true outside of Python. Go (golang) has a library called gosec which is super easy to use and absolutely phenomenal for running security tests against code.
Any time you’re picking a programming language, you have to ask yourself “does this language have what I need for things to work in a particular way?”. That question is why some engineers use Python whereas others may use Go or Rust.
There are several libraries for cyber security, but the most popular are:
- Matplotlib: Plotting library. It’s a mathematics extension.
- Scapy: Network packet manipulation and analysis.
- Requests: The most popular Python library for making HTTP calls (this NetSec).
- Cryptography: Helps with encryption of sets of data.
- PyCrypto: Secure data at rest and in transit.
Available Knowledge
Last but certainly not least (and perhaps the most important) is the available knowledge. There’s a really great book called Black Hat Python and there are two editions (the most recent was released in 2021, so it’s still fairly new). From what Google says, it’s just about the only true programming-focused pentesting book.
It just so happens that the book is written in Python.
Here’s the thing about programming - it’s only as good as the resources available. For example, if you have a library/module that’s super amazing, but there are little to no docs around it, no examples, and no one really talking about it, developers/scripters will flock to another module/library that can give them the answer a bit faster.
If you’re looking to get started in Python, here are some recommendations:
- If you’re a reader:
- If you enjoy watching videos (free):
- Paid courses:
Summary
A programming language that you use is only as good as the resources available for it and more importantly, the ease of use around it. Due to Python’s reputation of being an “easier” language to learn (spoiler alert: no programming/coding is easy), cyber security experts tend to go with it, and because they go with it, you know that there will be a ton of great resources out there around cyber and Python.
Top comments (2)
Given threading challenges, especially with libraries having C bindings (and it’s not always clear which ones those are), I’d argue that Python is about as secure as any other language.
Security is not improved by using a specific language. Security is improved by knowing how to use the tools being employed for the task at hand, and using them with an intentionality to protect your application and its users.
Totally, Eric's book is very helpful to get you writing code, any code. I felt a bit overwhelmed watching videos. In order to watch videos and code alongside the videos, you have to have a mad multimonitor work station set up. Eric's book lets you get your feet in the water as opposed to fresh drowning binge watching videos! If you are watching video, then I recommend getting another monitor for $100 or less, just to get that split screen workstation set up. Thanks for your insights Eric!