from Hacker News

Ask HN: Most secure language for a CRUD app?

by realcorvus on 8/5/23, 5:52 PM with 5 comments

What is the most secure language/framework for creating a new CRUD (create, read, update, delete) web application? Think of a brand new banking portal, which will be threat modeled, pen-tested, etc. I have a few ideas of my own about this, but want to ask here. Most of the infosec resources I've found are about vulnerabilities, not much info on what languages are better for security.
  • by brianpan on 8/5/23, 7:17 PM

    The most secure language is any language that the developers know how to secure and that has libraries that are maintained.
  • by mikewarot on 8/6/23, 3:06 PM

    The real security comes from carefully controlling the possible side effects on the host side as completely as possible. The process on the server that is running this should have access to only the files or services required to complete the task, and nothing else.

    Containerize, run in a virtual environment, etc... assume Satan himself gets to tweak your source code... does the environment that it runs within guarantee you won't have a disaster on your hands?

    Applications can't deliver security, it's the Operating System's job to do that.
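
One way to check what the comment above asks of the runtime environment, as an added example that is not part of the thread: the script audits a container description in the shape of `docker inspect` output and lists every setting that lets the process reach beyond its task. The sample container, its paths and the check names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not from a real host).
SAMPLE = json.loads("""
{"Config": {"User": ""},
 "HostConfig": {"Privileged": false, "ReadonlyRootfs": false,
                "CapDrop": null, "CapAdd": ["NET_ADMIN"],
                "SecurityOpt": null, "NetworkMode": "host",
                "Binds": ["/var/run/docker.sock:/var/run/docker.sock",
                          "/srv/app/uploads:/data",
                          "/srv/app/config:/config:ro"]}}
""")


def audit(inspect):
    """Return a list of (check_id, detail) for every least-privilege gap."""
    cfg = inspect.get("Config") or {}
    host = inspect.get("HostConfig") or {}
    findings = []

    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append(("root-user", "process runs as root inside the container"))
    if host.get("Privileged"):
        findings.append(("privileged", "container has full access to host devices"))
    if not host.get("ReadonlyRootfs"):
        findings.append(("writable-rootfs", "root filesystem is writable"))
    if "ALL" not in [c.upper() for c in host.get("CapDrop") or []]:
        findings.append(("caps-not-dropped", "default capabilities are retained"))
    for cap in host.get("CapAdd") or []:
        findings.append(("cap-added", cap))
    opts = host.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") and not o.endswith("false") for o in opts):
        findings.append(("new-privileges", "setuid binaries can still raise privileges"))
    if host.get("NetworkMode") == "host":
        findings.append(("host-network", "container shares the host network stack"))
    # The Docker socket controls the host daemon; other binds are flagged when writable.
    for bind in host.get("Binds") or []:
        src, _dst, *mode = bind.split(":")
        if src.endswith("docker.sock"):
            findings.append(("docker-socket", src))
        elif "ro" not in (mode[0].split(",") if mode else []):
            findings.append(("writable-bind", src))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check:18} {detail}")
```

A writable bind is not always a defect (an upload directory needs one), so that finding is a prompt to confirm the path is required for the task.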

  • by 005 on 8/6/23, 5:29 AM

  • by giaour on 8/6/23, 1:24 PM

    Choose whatever language you're most comfortable/familiar with so long as it's not C or C++.