Python for Security Study Plan
This page pairs the site's Python for Cybersecurity guide with the hands-on, code-along jassics/python-for-cybersecurity repository. Unlike the other study plans (which are synced from jassics/security-study-plan), this one is original - built directly from that repo's structure so you can follow along file by file.
Also check the Common Security Skills study plan first if you haven't already.
In Short
- You don't need to be a "software engineer" - you need to be able to read, adapt, and write small scripts that solve a security problem fast.
- Every script you write should map to something you'd actually do on the job: scan a host, parse a log, hit an API, automate a repetitive check.
- Practice by cloning python-for-cybersecurity and working through it top to bottom -
basic_concepts/→exercises/→real_world_examples/→web_security/andcryptography/.
ToC
- Python Fundamentals - 2-3 weeks
- Exercises - Building Logic - 1-2 weeks
- Real-World Automation Scripts - 2 weeks
- Python for Web Security - 2 weeks
- Python for Cryptography - 1 week
- Security-Specific Libraries
- Books, Videos & Courses
- Interview Questions
Python Fundamentals
Duration: 2-3 weeks
Week 1-3: Language Basics
Work through the basic_concepts/ folder of the repo in order - it's built as a numbered progression:
- Core syntax -
0-hello-world.py,1-number.py, string handling (1c-string.py,1d-string-format.py,1e-string-methods.py) - Control flow -
2-if-elif-else.py, loops (2a-while-loop.py,2b-for-loop.py,2c-range.py),2d-break-continue-pass.py - Operators - arithmetic, comparison, assignment, logical, identity (
3a-3e) - Data structures -
4-data-structure.py,4a-list.py,4b-dictionary.py,4c-tuples.py,4d-sets.py - Functions -
5-function.py,5a-collection-function.py,5b-builtin-function.py - File handling and regex -
6-file-handle.py,7-regex-examples.py(regex is a daily tool for log parsing and validation) - Error handling and classes -
10-error-handling.py,11-class.py
Why this order matters for security work: file handling and regex show up constantly - parsing logs, config files, and scan output. Don't skip them to rush toward "cooler" topics.
Exercises - Building Logic
Duration: 1-2 weeks
Week 4: Problem Solving
Work through the exercises/ folder to build comfort translating a problem into code before you need speed under pressure (interviews, incident response):
isprime.py,n_prime_numbers.py,prime_range.py- algorithmic thinkingtwo_sum_index.py- common interview-style problemin_memory_db.py,in_memory_db_json.py,in_memory_db_persistent.py,in_memory_db_cmd.py- a progressively more realistic mini-project (plain dict → JSON-backed → persistent → CLI)fahrenheit_to_celcius.py,city_weather.py- working with external data/APIs
Real-World Automation Scripts
Duration: 2 weeks
Week 5-6: Practical Scripts
The real_world_examples/ folder is where this repo earns the "for cybersecurity" part of its name. Work through:
generate_password.py,generate_otp.py- secure secrets generationdownload_file_from_url.py,get_all_links.py- reconnaissance-style scriptingregex_validator.py- input validation patternsrename_files.py,pdf_manipulation.py,pdf_to_jpeg.py,heic_to_png.py- bulk file/evidence handling, useful in forensics/DFIR workflowssysinfo.py- environment/host enumerationget_gituser_details.py,linkedin_profile_views.py,linkedin_connections_details.py- OSINT-style API scriptingip-ranges.json+ related scripts - working with structured threat/network data
Job-ready exercise: pick 3 of these scripts, break them (change inputs, remove error handling) and fix them again. That's closer to real troubleshooting than writing from a blank file.
Python for Web Security
Duration: 2 weeks
Week 7-8: Web-Focused Scripting
Work through the web_security/ folder, then cross-reference with the site's API Security and OWASP Top 10 guides:
header_info.py,security_header_info.py- checking security headers (CSP, HSTS, X-Frame-Options) programmaticallysite_security_info.py- basic site security posture scriptingfake_it.py- generating test/fixture data for security testingburp_extender_plugins/- writing Burp Suite extensions in Python (once you're comfortable, this is a strong differentiator for AppSec/pentest roles)
Python for Cryptography
Duration: 1 week
Week 9: Applied Crypto in Python
crypto_basic.py- hands-on encryption/hashing basics in Python- Cross-reference with the site's Cryptography guide and the Cryptography study plan for the "why," not just the "how"
Security-Specific Libraries
Once comfortable with the fundamentals, get hands-on with the libraries covered in Python for Cybersecurity:
| Library | Use Case |
|---|---|
scapy | Packet crafting and analysis |
paramiko | SSH automation |
requests | Web/API security testing |
pycryptodome | Cryptographic operations |
python-nmap | Network scanning |
impacket | Network protocol manipulation |
Books, Videos & Courses
- Automate the Boring Stuff with Python
- Learn Python3 the Hard Way
- Python Crash Course
- Flexmind Python Videos Playlist
- Python for Everybody Specialization (Coursera)
- Crash Course on Python by Google (Coursera)
Interview Questions
Python-for-security questions frequently overlap with general Application Security and DevSecOps interview sets - review those alongside hands-on scripting practice.
Practice next: Application Security interview questions and DevSecOps interview questions, and the python-for-cybersecurity repo for code-along practice.