What is the most secure language/framework for creating a new CRUD (create, read, update, delete) web application? Think of a brand new banking portal, which will be threat modeled, pen-tested, etc. I have a few ideas of my own about this, but want to ask here. Most of the infosec resources I've found are about vulnerabilities, not much info on what languages are better for security.
The real security comes from carefully controlling the possible side effects on the host side as completely as possible. The process on the server that is running this should have access to <i>only</i> the files or services required to complete the task, and nothing else.<p>Containerize, run in a virtual environment, etc... assume Satan himself gets to tweak your source code... does the environment that it runs within guarantee you won't have a disaster on your hands?<p>Applications can't deliver security, it's the Operating System's job to do that.