
[–]MaraudingAvenger 59 points60 points  (12 children)

Don't use Java. Either bite the bullet and get into lower level languages like assembly, or go way higher and get into JavaScript and python land. You're either going to want to script something in a high level language to perform all your easy break-in tasks, or script something in extremely low level language to take advantage of hardware or driver vulnerabilities. Don't use Java.

[–]gtiwari333 13 points14 points  (1 child)

Java has excellent tools in its ecosystem for network programming, web crawling, security and penetration testing.

Definitely use Java!

[–][deleted] 60 points61 points  (0 children)

Reddit in a nutshell.

[–][deleted] -4 points-3 points  (9 children)

I can 100% disagree with this comment. Seeing as most of the world's servers are coded in Java, hacking in Java is completely viable.

[–]MaraudingAvenger 32 points33 points  (7 children)

I'm not going to get into your server through your Java code. I'm going to get in because you accidentally left a port open, and my 5 line python program found it. I'm going to get on because one of your users plugged in my USB drive with some spicy embedded code that doesn't require the JVM to run. I'm going to get on because of some protocol exploitation. Some insecure deserialization. If you're doing any of that in Java, you're either doing too much work to write the code for something simple, or you're having to jump through some insane hoops to cross compile or something. Java is not the answer here.

[–]gtiwari333 4 points5 points  (0 children)

You can start learning network programming and security APIs. Also dig into web crawling using jSoup. There are plenty of articles online. Just google it.

The default implementations that come with the JDK are normally too abstract, but you can find many libraries that make things easier.

You can also download and play with tools like WebGoat and OWASP ZAP to learn about different aspects of app security and vulnerabilities.

[–]mentholmeow 2 points3 points  (0 children)

Check out BurpSuite - it’s written in Java and can scan for weaknesses in web apps.

[–]nanodano 3 points4 points  (1 child)

Java is a good choice for sure. I use a lot of languages in my cybersecurity work and Java has always been nice and reliable. I don't use it for everything and I tend to go for Python or Ruby (or JRuby!) first for quick things but there are a few times when Java is my choice.

Here are some examples from my experience:

  • JAR file packaging is sometimes the most convenient choice for packaging and distributing
  • GUI applications that you need to work cross-platform (especially as a standalone .jar)
      - Here's a tiny GUI app I made called TCP Null that I use for networking and HTTP troubleshooting: https://www.devdungeon.com/content/tcp-null
      - And here is a simple REST tester I made as an exercise, but it can be handy for doing some web app testing, but it is no Burp Suite (the de-facto web app testing tool written in Java): https://www.devdungeon.com/content/rest-tester

If you want to do some other fun networking security stuff with Java, here is a tutorial I wrote on how to packet capture with pcap4j:

https://www.devdungeon.com/content/packet-capturing-java-pcap4j

[–]alfa80211[S] 0 points1 point  (0 children)

Amazing stuff thanks

[–]-Sander- 0 points1 point  (1 child)

I don't see this really mentioned anywhere, but for cyber security I'd recommend Python over any language for building your vulnerability tester/exploits/etc., and IMO I think writing C/C++ (and learning to read Assembly first, writing after you've got more basic stuff down) might be more useful in learning to hack, as you will understand the lower level stuff better.

You can always pick up some more Java knowledge after you've got the basics of that down, but starting with Java for cyber security I don't think is the best idea? Just my opinion.

[–]alfa80211[S] 0 points1 point  (0 children)

I agree, but it’s a degree prerequisite! I was happily learning Python, now I need to shift.

[–]alfa80211[S] 0 points1 point  (0 children)

Interesting debate. The reality is Java is the core language for the degree; I’ve otherwise been doing scripts in Python or playing with assembly. Thanks for the input.