1 Respuesta
+ 2
Depends on what type of security you want to get into.
General Pentesting: Python or something higher level. Lots of library and tool usage (i.e. scapy, nping, nmap, metasploit)
Application Security: Learn frameworks more than languages. How to work inside of Rails, Spring, ASP, PHP stuff, etc. Common security bugs that exist in these codebases, how to fix them, and how to recognize them. It is more important here HOW things work not how to make really big things work. There are tools that you need to know how to use too, like Burp or some kind of HTTP proxy.
Exploit Development/Reversing: Goes without saying you need to know C very well. You also need to know Assembly very well and how to navigate around the OS. How windows exploits work from the basics like finding kernel32.dll to bypassing ASLR and other types of exploitation techniques. Fuzzing, etc. This probably has the highest bar of entry.
Your side note, how many programming languages do you need to be successful. The answer is a minimum of 1 if you know everything about it. You can add a lot of value doing things like AppSec Consulting for Java if you know a ton about securing Java frameworks.