It’s versatile, it works on a minimum of code - and it’s also relatively easy to put to work: three factors which go a long way in explaining why Python is currently being touted as the “world’s most popular coding language”.
Black hat hackers are drawn to this language, too: something that was highlighted recently in figures relating to June-September 2018 from security specialists, Imperva.
- When looking at attack attempts on Websites the company protects, around 77% of those sites had been attacked by a Python-based tool.
- In a third of those cases, Python-based tools were responsible for most of the attacks the sites had been subjected to.
- More than a quarter of the clients observed were Python-based tools being utilised by malicious actors.
Here’s a closer look at how Python is being used for malicious purposes, and the reasons for its growth in popularity – and why getting clued up on this language comes highly recommended.
Hacking with Python: An Overview…
Here’s an overview of how Python is being put to work:
Preferred modules. Written in Python, “Requests” is a widely-used, Apache 2-licenced HTTP library, which essentially gives you an extremely user-friendly template for coding. Unsurprisingly, of the Python modules used for attacks, Python Requests is by far the most popular (its use was identified by Imperva in more than 89% of attacks).
Attack targets. Python-based attacks are prevalent across all major Web development frameworks. In the ‘top 10’ of frameworks targeted, Struts, Joomla and WordPress all featured heavily (reflecting the popularity of these frameworks).
The wider picture. Looking beyond its own data and at GitHub repository data, Imperva estimates that more than 20% of GitHub repositories that implement an attack tool or a ‘grey hat’ exploit PoC are written in Python.
The popularity of Python
According to The Economist, over the last year, people in the United States searched for Python on Google “more often than Kim Kardashian”. The volume of annual search queries relating to it has apparently trebled since 2010, while searches relating to other established programming languages remained steady - or else declined.
But of course, searching for information about something is not necessarily the same as putting it to work. So just how does usage of Python compare to other languages? The Economist has shed light on this recently…
It seems that usage rates have risen rapidly over recent years, to the extent that Python currently sits just below Java, C and C++ among the world’s most prevalent languages.
What’s driving Python usage rates?
Here are some of this language’s key characteristics which help explain its popularity…
Prominent users. The Economist cites some of the high profile projects in which Python code has been put to work. This includes Pixar’s animation production, Google’s page crawling bots and Spotify’s track recommendations feature. When there is this level of backing behind a language, its cache among developers tends to increase.
Rich libraries. We’ve already touched on the popularity of the Python Requests module. If you can’t find what you are looking for within that repository, there are lots of other Python libraries out there; some general and some focusing on specific niches, from data analysis through to 3d animation. Ready-made code from these sources can help you save a lot of time on development.
Ease of use. As a language, Python is easy to understand and get to grips with, thanks in large part to an emphasis on clarity and natural syntax. You can write and execute it quickly too; all of which makes it ideal for beginners.
Find out more…
So can you launch your career as a cyber security specialist without a working programming knowledge?
Let’s just say that in theory it’s possible. In practice though, getting to grips with at least one language can help you immensely. Penetration testing, putting together tailored programs to automate operations, spotting malicious code and much more: your capabilities in all of these areas are massively enhanced if you know precisely what you are looking at – and you can author and configure your own tools – rather than relying on those created by someone else.
Python is popular across the board. It’s powerful – and it happens to be pretty easy to learn and use. All of this makes it an ideal hands-on introduction to programming for any newbie. To start getting on top of it, I recommend this Python course bundle comprising everything budding hackers and security experts need to know. The Complete Python for Hacking and Cyber Security Bundle