Interview with Sonar Python Developers Part 1

As part of our Sonar celebration of all things Python during April, we took the opportunity to sit down with three of our Python developers and pose questions that were submitted by our Community. Here is part one of this series.

Why should I learn Python now?

Quazi Nafiul Islam

Learning Python is a wise choice right now due to its popularity, demand, and versatility in applications like web development, data analysis, AI, and machine learning. Its readability and simplicity make it beginner-friendly, while its extensive libraries and frameworks facilitate a wide range of tasks. The diverse Python community offers abundant resources, tutorials, and support. As a skill with enduring relevance, Python ensures a solid foundation for emerging career opportunities, and its cross-platform compatibility allows for seamless work across different operating systems.

Moreover, Python continues to adapt and expand into new areas. Even front-end development, which traditionally lacked comprehensive support within the Python ecosystem, now benefits from tools like PyScript (which is funded by Anaconda, the company behind numpy). This innovative solution enables developers to create front-end applications using Python, something that I personally never thought would happen.

Cheng Chen

First, Python is one of the most popular programming languages in the world. If you are new to programming languages in general, then Python is a very good choice. It is beginner-friendly with a more intuitive syntax and you can easily find a ton of resources to help you! If you are an experienced programmer in other languages, then learning Python is a piece of cake, and you will love it as your new powerful weapon in your battles!

And, with ChatGPT having created a lot of buzz recently, if you are interested in machine learning (ML) and artificial intelligence (AI), then Python is also a must, as it is the most popular language in this domain.

Yaniv Nizry

Python is probably the most straightforward programming language to learn; it's simple and yet very powerful. Thanks to the fact that Python is an interpreted language, there is no overhead of compiling and setting up projects/environments. Over the years I've seen Python being used from the smallest scripts to a whole backend infrastructure. Regarding code security, Python has little to no unintuitive quirks that might cause unexpected vulnerabilities such as prototype pollution in JS, type juggling in PHP, memory handling in C, and more.

On top of that, due to the popularity of the language, the number of open-source code/examples is huge, so if you run into some problems there is most likely an answer for it online with code snippets.

What are the best use cases for Python, and which are a better fit for another language?

Quazi Nafiul Islam

I must admit that my response may be biased; however, I will give it a shot. Python is by far the best language to teach people programming. Take a look at the following code:

```python
print("Hello, World!")
```

In one line, you can introduce someone to the joy of programming. In contrast with a programming language like Java, you'd need to instantiate a class, create a `main` method, and then you'd need to use a module's method in order to print something out to the terminal.

Python has powerful data analysis libraries such as Pandas and Matplotlib, and they work well with each other. Here is an example of how you can extract data from a CSV (you can also extract it from a TSV or an Excel file) and then generate a plot with that data:

```python
import pandas as pd
import matplotlib.pyplot as plt

data = pd.read_csv("data.csv")
data.plot(x="date", y="orders")
plt.show()
```

And although I don't work with machine learning libraries, Python has them by the bucketload, with PyTorch, TensorFlow, and even specialized libraries such as Keras and NLTK.

For Web Development, Python continues to provide an easy-to-use interface for creating APIs and web applications with libraries like FastAPI and Django respectively. Both of these libraries have excellent documentation and they are very beginner friendly. Here's what creating a simple endpoint looks like in FastAPI:

```python
from fastapi import FastAPI

app = FastAPI()


@app.get("/")
async def root():
    return {"message": "Hello World"}
```

These are just a few but there's also network engineering and automation that Python is excellent at.

However, there are a few places where you might want to use other languages. For high-performance multi-threaded applications, you would be wise to choose C, C++, or Rust for example, since they offer better control over low-level resources. Mobile development is almost exclusively done in their respective platform languages, so Swift for iOS and Java/Kotlin for Android development. So yes, while Python is great at a lot of things, it is not the best at everything; no language can be the best in every domain.

Cheng Chen

Python is a very versatile language that can cover many use cases. From small tasks such as quickly analyzing some data in your spreadsheet, to automatically scraping the web for today's news headlines, to bigger things like building web applications or doing some serious data science work (wanna train a fancy ML model to predict the stock market tomorrow based on the news headlines that you just scraped?)… Python nails all those tasks!

Python also comes with the Jupyter notebook, which is a great way to convey your idea, because you can combine the code and outputs (e.g. graphics) together and tell your story!

Once in our R&D team, we needed to come up with a mathematical equation to determine the "hotness" of an innovation idea based on criteria such as impact, feasibility, and applicability. With Samuele Buro, we solved the problem using Python. That was a lot of fun!

Python is extremely efficient in terms of development (e.g. implementing ideas). On the other hand, being an interpreted language, it is not the most efficient at runtime. Therefore, if you develop some time-critical applications, you might want to choose one of the compiled languages. Also, as a high-level language, Python is not the best choice for low-level programming tasks such as device drivers or embedded systems. In those cases, you might want to use languages such as C (or even the quaint grandma assembly? 🙂 ).

Yaniv Nizry

We can use Python for pretty much everything; as I said before, I've seen Python being used from the smallest scripts to a whole backend infrastructure. As far as I'm concerned, when it comes to ML and Data Science, Python is the way to go. As security researchers, we use Python to write exploit scripts. Personally, every time I need anything code can fix, I'll use Python, thanks to the fact that there is no setup and compilation involved. For example, I need to have a string that contains the letter 'a' 255 times, so I will open IDLE and write `"a"*255`.

Each language has its own benefits, and of course, there is a better fit for other languages in different use cases. Writing browser client-side code will be in JS; drivers or kernel modules use low-level code such as C, etc.

Part 1 Summary

Thanks to Nafiul, Cheng, and Yaniv, three very different Python users, at different stages in their Python journey. We learned why they feel developers should learn Python and the wide range of use cases that it can be applied to, and acknowledged a few where other languages are a better fit.

Stay tuned for part 2, where we will ask our developers their thoughts on the maturity of Python tooling, plus a recent change in Python that excites them (including code snippets!).

Bios

Nafiul Islam, programming since 14, has a decade of software experience. Adept in Python and exploring Rust, he authored "Mastering PyCharm" at 21. Nafiul has spoken at global Python conferences and held positions at JetBrains and Microsoft. In his free time, he loves reading fantasy novels. Follow him @gamesbrainiac on Twitter.

Cheng Chen, trained as a computer scientist, has been working in machine learning and artificial intelligence for 15 years in different industry branches such as computer vision, FMCG, digital manufacturing, and biometrics. He recently joined Sonar to explore ML for code analysis.

Yaniv Nizry is a Vulnerability Researcher at Sonar where he leverages his expertise to identify and mitigate vulnerabilities in complex systems. Starting his way as a software engineer, he shifted his focus while serving in the IDF's 8200 unit, where he gained experience in both offensive and defensive cybersecurity tactics.

Enjoy all things Python, and want more? Register now for our upcoming webinar Clean Code for your Python projects, with Nafiul Islam – Wednesday, May 10th – 5PM CEST / 10 AM CDT.

*** This is a Security Bloggers Network syndicated blog from Blog RSS feed authored by Andrew Osborne. Read the original post at: https://www.sonarsource.com/blog/interview-with-sonar-python-developers-part-1/