Learn a Scripting Language to Make Security Work Easier

Monday, March 07, 2011

Brent Huston


One of the most common complaints I hear from folks working in information security is that they are overwhelmed with data, alerts, log files and all of the other information sources they deal with on a daily basis.

Often, this is a problem that can be solved with an adjustment to the level of data they are looking at and investment in some processes and tools to help gain some leverage.

You may not need or be able to afford a full SIEM implementation, but with a couple of basic tools and a little bit of creativity, you can likely get a bit more leverage than you have today.

The first thing I often advise folks to do is to embrace a scripting language.

You don’t need to become a master coder, but to get some leverage from systematizing your work, you will have to create some tools that are specific to your work. These scripts or tools should replicate much of the repetitive work you are doing today and can be a simple front end to handle the most common issues without your personal interaction, thus saving you time and resources.

Specifically, let’s say you have to comb log entries for a specific message that is pretty routine and then email the help desk when you see that message with the relevant details. In our example, with some basic scripting skills in Python/Ruby/Perl, this becomes an easy-to-automate task.

Pull the data in, parse through it with some scripting logic, segregate out the events you need and then drop them into an email and send it out. A quick script that runs in a scheduler or cron and your new virtual assistant just took over one of your daily tasks.
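Here is what that workflow can look like in Python, as an added example rather than code from the original post. The log format, the "account locked out" message, the addresses and the mail relay are all assumptions, and the sample log lines are constructed.

```python
#!/usr/bin/env python3
"""Scan a log for a routine message and email the help desk a summary."""
import re
import smtplib
from collections import Counter
from email.message import EmailMessage

# Constructed sample lines; in real use read them from your log file.
SAMPLE_LOG = """\
Mar  7 09:14:02 app01 authsvc[812]: account locked out user=jsmith src=10.0.4.17
Mar  7 09:14:40 app01 authsvc[812]: login ok user=mlee src=10.0.4.22
Mar  7 09:20:11 app02 authsvc[455]: account locked out user=jsmith src=10.0.4.17
Mar  7 09:31:57 app01 authsvc[812]: account locked out user=akhan src=10.0.9.3
""".splitlines()

# Hypothetical message format: adjust the pattern to the event you watch for.
LOCKOUT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) \S+: "
    r"account locked out user=(?P<user>\S+) src=(?P<src>\S+)$")

def find_events(lines):
    """Return one dict per line that matches the message of interest."""
    return [m.groupdict() for m in map(LOCKOUT.match, lines) if m]

def build_email(events, sender, recipient):
    """Build the help-desk email, or return None when there is nothing to report."""
    if not events:
        return None
    per_user = Counter(e["user"] for e in events)
    body = ["Account lockouts seen in the last log scan:", ""]
    body += [f"  {user}: {count} lockout(s)" for user, count in per_user.most_common()]
    body += ["", "Details:"]
    body += [f"  {e['ts']} {e['host']} user={e['user']} src={e['src']}" for e in events]
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[log-watch] {len(events)} account lockout(s)"  # count only, no log text
    msg.set_content("\n".join(body))
    return msg

def send(msg, smtp_host="localhost"):
    """Hand the message to a mail relay (the host name is an assumption)."""
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)

if __name__ == "__main__":
    report = build_email(find_events(SAMPLE_LOG),
                         "logwatch@example.com", "helpdesk@example.com")
    print(report)  # swap for send(report) once a relay is available
```

Returning None when nothing matched lets the scheduled job skip the email entirely, so the help desk only hears from it when there is something to act on.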

Do this enough, and you knock out much of the repetitive work you face today. That frees up your cycles to dive deeper, do additional research or grow your skills.

Scripting helps in other ways too. Understanding programming logic basics is a huge plus for security folks who might have a more network/systems-centric background. It will help you understand a lot more about how applications work in your environment and how to best interact with them in ways to protect them.

It also gives you some empathy when working with developers and other folks who are heads down in code. Scripting can also be a very valuable skill for solving complex problems, and the security world is full of those.

How do you get started mastering the basics of a scripting language? Well, identify how you learn best. Are you a classroom learner? Then take a class or use the online universities and training that are common today.

Learn by reading? Then get yourself a good book from Amazon or the mall and get started. Learn by doing? This is the easiest one of all. Just do it. Choose one language. Stick with it. Learn the basics: looping, variables, basic syntax, file access, etc. Then grow your skills over time by actually scripting your tasks.

I challenge you to try this for 90 days.

Give it a shot. If, after 90 days, this is not helping you free up more time at work, learn more about things you don’t know today and make your job in security easier, then write me a nasty email and stop doing it.

I have made this challenge before and haven’t gotten one email in more than a decade that said it was horrible and that it didn’t help. 90 days. Give it, and yourself, a break and make it happen. The first step is committing to actually do it. Make the commitment and follow through. You won’t be sorry.

Cross-posted from State of Security

shawn merdinger One of my favs here:

Advanced Bash-Scripting Guide
shawn merdinger Michael -- PHP is very useful. The thing that I find most attractive about shell scripting with Bash is most systems will have it and there's nothing else to install, so the portability is great.

What I need to work on more is Windows PowerShell, and there was a great Defcon 18 preso on this here:

Duane M I've started to learn Ruby for scripting purposes. Maybe with time I'll be able to contribute to the MSF project.
Rod MacPherson I've always stuck to the baseline shell scripting languages... BASH, CMD, DOS Batch... but I'm now very interested in learning Python. I had some Perl knowledge, but then I lost most of what I knew when I started working in a Windows world where it was basically guaranteed NOT to be installed.

PowerShell and WMIC are also on my to-learn list.

I learned a little PHP when I was interested in Web stuff, and I should probably go back and refresh that knowledge before it goes the way of Perl for me. I can't say I've ever used PHP at the command-line though.