OK gang, here is a new one for you to ponder on.
My company recently bought another company. This other company has a fairly large and complex web application that is written almost entirely in JavaScript. Now I have always heard that JavaScript is a bad idea from a security standpoint, but I can find no documentation to back this up. I have seen next to nothing on JavaScript within a security discussion. I have, however, found plenty of discussion about why JavaScript is bad from a development point of view and why new technologies out there are better... but still nothing on the security point.
So, if anyone here is familiar with why JavaScript is a bad idea from a security standpoint, PLEASE help me out here.
Some background on this application. It's a financial application, but not for end users. Banks use this app to do queries to a ************* database and to update transaction information in this database. Most of the time this is a closed network with only specific frame access to it, but there is also a web-based component (which is the application in question) that can be used. This "opens" the network up a bit and allows banks to use the internet to transmit this information, via HTTPS of course.



