Recommended Scripting Languages


I've heard it said a few times that InfoSec professionals, especially those who perform penetration tests and security assessments, need to have at least good knowledge of one scripting language. I agree with this wholeheartedly. I've used Perl in the past and now I'm bouncing between Ruby and Python. What do you recommend? Do you have any suggested resources for those out there who may be trying to learn?


David H.

You need to be a member of OWASP to add comments!


Email me when people reply –


  • Python has many http modules that are handy and easy to use. If you learn python then you'll have the ability to debug

    great tools like SQLmap and frameworks like w3af. Metasploit users use Ruby often. I don't doubt for a minute that they don't know how to write in Python.

    My advice?

    Learn both. If you're into web app testing then learn python first.

  • I found "Coding for Penetration Testers" by Jason Andress and Ryan Linn (ISBN-13: 978-1-59749-729-9) to be a great intro to some of the languages commonly used.  It also gives some good examples to get your brain thinking about some of the things one can do.  The book can be found in the usual places as well as Safari Books Online.

This reply was deleted.