Programming within cyber security domains such as pentesting, is something elementary, if you are going to dedicate yourself to detect security flaws in applications, you must know how an application is made to be able to detect these flaws, knowing how to read and especially understand other people’s code is a must if you are going to be a pentester.
This topic is really something very debatable, many claim that knowing how to program is not something 100% necessary for pentesting, the truth is that, yes it is, not at the level of creating an application from scratch, but it is necessary to have that independence when creating your own tools, adapt third-party code depending on the context, read and understand the code of an application you are auditing and so on.
That is why, today we are going to discuss which are the ideal programming languages to learn if you are interested in pentesting, these languages will be divided into three groups, the elementary ones, those oriented to web pentesting and those oriented to operating systems pentesting.
Elementary programming languages
This is the language that you really should learn not only if you are going to dedicate yourself professionally to pentesting, currently Python is by far the programming language with the easiest syntax to understand, besides having attractive features for beginners such as being strongly typed, not being a compiled language and being interpreted.
In this case we are in a paradigm that is only useful in Windows systems, because being a scripting language, it allows us to combine the use of native powershell commands in conjunction with the programming logic, although most servers in the world use Gnu/Linux distributions, Windows Server systems have long been gaining a larger and larger market share and, for this reason, if you are a pentesting professional, you are going to encounter many Active Directory environments, so knowing how to move effectively there is elementary.
Next, we have another scripting language but applied to Gnu/Linux distributions and compatible with the Bourne Again Shell and derivatives, this language is quite useful for the creation of tools that help you in your work as a pentester or other tools that are not necessarily for offensive security work.
For pentesting it is highly recommended that you have knowledge of at least these three languages in your arsenal.
Web pentesting languages
This language is understood by almost all browsers (I say almost because there is such and such exception, but very punctual) is the language that gives interactivity to web pages and runs on the client side, in addition, its syntax is quite simple, not as simple as Python but it is a good choice to start if you want to program from scratch.
Many do not like this language very well, the truth is that PHP is used in the vast majority of existing websites today, so knowing its syntax and perform well in environments where this language is used is elementary, plus there are many web vulnerabilities that you can detect only by reading the application code, which is something very positive in your work as pentester, remember that it is to discover most (preferably all) the weaknesses of systems and applications so that later these bugs are corrected and the assets are more secure.
Este lenguaje como tal no es de programación (si hablamos de PL/SQL, sí) pero es usado para hacer consultas a bases de datos y, casi cualquier aplicación hoy en día usa por lo menos una base de datos, por lo que conocer la sintaxis de SQL es algo que no debe faltar en tu arsenal.
HTML y XML
These are definitely not programming languages, they are tag languages and, learning them is very simple, in one afternoon you can have a base of them and, it is not like they are 100% necessary, but, if you are going to audit web applications, it is advisable that at least, you have a brief idea of this pair.
Languages for system pentesting
This language, created by Google, is the best there is for working with connections and sockets, so if you plan to develop a tool where you know you are going to interact a lot with other devices, Golang is your language.
This language is the father, basically whatever you can imagine, you can somehow do it with C, for example, Windows, is made in C (although it has parts in assembler and C++) but knowing about C will not only open many doors in cybersecurity, but in any branch of computing, yes, if we compare it with Python at the syntax level, they are very different, since the syntax of C is not as simple as that of Python, but for the possibilities it offers, it is worth the joy to learn it.
There are also other languages, such as Java, Ruby, Perl and others, however, it will be up to you to decide which ones to learn.