A common question many beginners have is if knowing how to code is required for pentesters and if yes, which language.
I am a huge proponent of doing actual projects and learning as I go. Theoretical learning is good only if you immediately apply it, otherwise, there is a high chance you will not retain most of what you have learned.
The easiest project for pentesters to start is one of the multiple premade vulnerable machines like the ones provided by TryHackMe or HackTheBox. Portswiggers Academy has a lot of good labs if your concentration is WebApp pentesting. You start the projects and fill the pieces of a puzzle as you go. For example in one of my very first vulnerable THM rooms, I had to completely pivot from the lab and do the full Nmap lab to be able to use the tool. While it significantly extended my time of lab completion the most important thing is learning applicable knowledge. And my way of doing it proved to be extremely effective.
When trying to use Cross-Site Scripting (XSS) you need to have a basic understanding of javascript. When I first started my journey my main problem in triggering the basic XSS vulnerabilities like “Reflected XSS into HTML context with nothing encoded” was my lack of understanding of js syntax. The same goes for SQL injection vulnerabilities, you need to understand the basics of SQL to test for the vulnerability.
Coding is a very good skill to have, but if you are starting your path as a pentester, red teamer, or blue teamer, you don’t need to jump straight into learning Java Scrips, SQL, Python, or anything else. The path of your studying will inevitably force you to learn the basics of a variety of languages and farther down the road you will have to expand on the basics on an as-needed basis.