Learn Coding for Cybersecurity?

Not all cybersecurity roles require coding, but it can be a valuable skill. Should certifications like Pentest+ or SecurityX include more emphasis on programming, or is it a niche skill?
If programming were to be included on the exams, what language would you use to
make the assessment? An additional challenge would be how to go about assessing
the coding? Considering multiple approaches could be taken to code something. If a
question requires some code that involves a looping construct, I might be more proficient
at using a "while loop", and others may be more adept at using a "for loop". And looping
syntax is only the beginning of differences to be assessed.

Whether it's a niche skill or not can certainly be debated. However, niche skill notwithstanding,
the variations in programming styles, I believe, would set the stage for some very heavy lifting
in terms of exam assessment.

The End!!!
 
Beautiful saying... Maybe we just stick to testing exploits and leave the coding debates for the devs.
 
Only generally. Sure, programming is part of security, but it's not the end-all, like the question intimates. And if you're going to assess programming knowledge, then what language do we plan to use? How will you assess that, given that there are a myriad of approaches in programming?

/r
 
True! Picking a language is tricky, as JavaScript helps with understanding XSS attacks (executing malicious code in browsers), SQL is key for SQL Injection (injecting malicious queries), and Python aids in crafting custom exploits or automating tasks. While we don’t need a deep dive into coding, a little programming knowledge makes these attacks way clearer. No need to test all languages, just enough to connect the dots between code and vulnerabilities.
 
Better. I appreciate the higher quality post in reply, rather than simple low-quality statements of agreement sprayed all over.

I would tend to agree that having some knowledge of basic programming helps in cyber defense. I'm also of the persuasion that "to a carpenter, everything is a hammer, nail, and wood". Programmers are going to tend to the belief that "more programming is better", where someone who spends his time poring over logs or runs a SIEM is going to prefer more topics about SIEM and SOAR.

This is why having a balance is important. No certification will EVER prepare a person for the complexities of a job. Instead, they will have REQUISITE knowledge for which they can apply skill. Very rarely is anyone ready on day one.

/r
 
Very beautiful explanation! Thanks for the clarity. Now I'm feeling like I'm in an OTW classroom.
 