Programming in Cybersecurity

[eudaimonia]

I want to how much programming knowledge an intermediate pentester holds, keeping other skills dimensions as constant.

Because I am switching profession, having some baseline to compare my progression will make learning more efficient.

My strategy is to first build solid foundation before getting into hot stuff ,i have completed some courses of Harvard like CS50x, CS50w etc. and I now have some basic understanding of various programming paradigm.

Next step is to study about networking, OS. 

[Chris]

I am not a pentester, so I cannot answeryour question directly.

But what I can tell you, is that programming is not a thing you learn by studying. You will need projects - concerning pentesting probably CTFs or similar. Theory only helps to understand the tools, but a project will teach you to apply and combine them.

[zzz]

Really depends on the person.

Some amounts of python / shell / C(#) is required, but the depth really depends on the individual. 

[Zanidd]

I think you don't really *need* any coding/programming skills other than maybe scripting in bash/powershell/python. During pentests I usually only code to automate things or when I try to exploit a race condition. I think networking and infrastructure are "more important" when it comes to a classic pentest, AD takeover etc.

However, I come from a software engineering background (almost 10 years) and have build many projects on my own or for companies - And it helps. Especially when trying to exploit websites, do binary exploitation etc...

It gives you a general understanding of how the things you're trying to hack may have been built and what mistakes devs usually make.

It will also help you out in other occasions and coding is slowly becoming a skill as "important" as math. (E.g. our country has started teaching coding in primary schools)

[ChickenKing]

It’s always good to know, and I think for pen testing it will definitely serve you well. I work in IDR, and basic scripting has been beneficial for me 

[aeline]

Have done a small amount of pen-testing. Regardless of day-to-day usefulness (which as others say varies), knowing how to write code/how code gets run will help you understand the systems you're working with. The fundamental structure you're working with is code, understanding it is important.

[cd80]

Most content creators would say you don't need to learn programming but it is recommended, and they are right. I would start with bash script on Windows and Linux and then move on to python (the most popular in the field).

[malware_marty]

As others are saying, it depends. It helps to be able to build custom tooling, or at least be able to understand how your tools work. I would say at least a beginner level understanding is necessary.