Python Forum
Opinion on Python Security Books - Printable Version

+- Python Forum (https://python-forum.io)
+-- Forum: Forum & Off Topic (https://python-forum.io/forum-23.html)
+--- Forum: Bar (https://python-forum.io/forum-27.html)
+--- Thread: Opinion on Python Security Books (/thread-5614.html)



Opinion on Python Security Books - nexusfactor - Oct-13-2017

I just missed out on the free e-book about Python penetration testing over on Packt Angry

Anyways, I just wanted to know, the book was printed in 2015, we're now nearing the end of 2017(2 months away). Would a book printed in 2015 still be applicable? Technology changes fast, and with it security. I'm wondering if I purchase the book, is it worth it? I can't seem to find any book printed recently, and even if I do, I have a feeling I would have to read/learn it fast.

Just wanted to hear your opinions.


RE: Opinion on Python Security Books - sparkz_alot - Oct-13-2017

Just started reading it this morning, so I'm not an expert on it yet.  One thing of note, though there is an honorable mention to Python 3, the code is all in Python 2.7. It also seems to be targeted towards the use of Kali Linux. I imagine, provided you can find the tools used, you could use them on any Linux system (and possibly Windows). There also seems to be a section on basic networking, the OSI model and the workings of TCP/UDP.

Looks to be an interesting read all things considered.


RE: Opinion on Python Security Books - nexusfactor - Oct-13-2017

(Oct-13-2017, 02:23 PM)sparkz_alot Wrote: Just started reading it this morning, so I'm not an expert on it yet.  One thing of note, though there is an honorable mention to Python 3, the code is all in Python 2.7. It also seems to be targeted towards the use of Kali Linux. I imagine, provided you can find the tools used, you could use them on any Linux system (and possibly Windows). There also seems to be a section on basic networking, the OSI model and the workings of TCP/UDP.

Looks to be an interesting read all things considered.

Thanks for the input. If I wanted to get into penetration testing as a hobby, would this be a good book to start? Again, I don't want to purchase something that's going to sit in a box collecting dust. I want something that's up to date, and relevant.


RE: Opinion on Python Security Books - sparkz_alot - Oct-13-2017

I would start with a web search like "Penetration Testing books 2017". Look for those targeted towards beginners. Also, some things haven't changed that much, if at all, for instance networking.  Also tools mentioned in a 2015 book may have been updated since then, so you may have to do a little more searching.

Finally, if you find a book that looks promising, switch your search to the actual book title and look for the authors/publishers website. This will usually have more up to date information then say Amazon.


RE: Opinion on Python Security Books - wavic - Oct-13-2017

Some well-known bugs on some systems are not fixed for 17 years for example so you could answer itself if the book is still valuable. Just read it. You will learn a lot. About the methodology, where to search for weaknesses, about the protocols and their ports.


RE: Opinion on Python Security Books - phread - Oct-13-2017

I just asked about this the other day. I've got my GPEN and I'm trying to learn to script in Python, but you're right, all of the most recent pen test books reference 2.7. It's because Kali hasn't updated and is pre-loaded with 2.7.13-2 which apparently all of the tools that use it are written for. Kind of an annoying position to be in as a new guy to Python. Everyone on here said to learn 3.x, so it's a conundrum.


RE: Opinion on Python Security Books - sparkz_alot - Oct-13-2017

It's been awhile since I've used Kali, but since it is based on Debian, I would have thought that it would have some Python 3.x pre-installed in addition to the Python 2.7 (at least with the latest version of Kali). If not, it's easy enough to install following the instructions on python.org, we also have a tutorial on installing it using pyenv here https://python-forum.io/Thread-Basic-Part-1-Linux-Python-3-environment, scroll towards the end. As for the tools, it's hard to imagine (though possible) that if they are Python, that they are stuck on Python 2.  As for the scripts, it shouldn't be to difficult to convert them. As I said, though, I just started the book and haven't gotten to the actual scripts yet.


RE: Opinion on Python Security Books - phread - Oct-13-2017

Yeah, I went to double check the newest version's tools, libraries, etc - http://pkg.kali.org/pkg/python-defaults.

So it wouldn't be a problem to run both versions on the same machine? That way the built in tools can use 2.7 and I can write in 3.x?


RE: Opinion on Python Security Books - sparkz_alot - Oct-13-2017

Absolutely, in fact you can install as many versions as you would like. Python 2 would remain the default as it was the first one installed and is called by entering 'python' on the command line, additional version are called using the version number, i.e. 'python3.4', 'python3.6', etc. You would also want to include the version in your shebang line as well. You might try 'apt-cache search python3' to see if you can install it that way (you might also have to install python3-dev as well).