Ask HN: Most secure language for a CRUD app?

4 pointsrealcorvus2y ago5 comments

What is the most secure language/framework for creating a new CRUD (create, read, update, delete) web application? Think of a brand new banking portal, which will be threat modeled, pen-tested, etc. I have a few ideas of my own about this, but want to ask here. Most of the infosec resources I've found are about vulnerabilities, not much info on what languages are better for security.

5 comments

5 comments · 4 top-level

brianpan2y ago· 1 in thread

The most secure language is any language the developers know how to secure and has libraries that are maintained.

stop502y ago

And the application has people who know the sourcecode.

mikewarot2y ago

The real security comes from carefully controlling the possible side effects on the host side as completely as possible. The process on the server that is running this should have access to only the files or services required to complete the task, and nothing else.

Containerize, run in a virtual environment, etc... assume Satan himself gets to tweak your source code... does the environment that it runs within guarantee you won't have a disaster on your hands?

Applications can't deliver security, it's the Operating System's job to do that.

0052y ago

https://github.com/kelseyhightower/nocode

giaour2y ago

Choose whatever language you're most comfortable/familiar with so long as it's not C or C++.

j / k navigate · click thread line to collapse