Suppose that the app you're working on, specifically for a customer, is 'in-house', such as data processing of payroll information. This application will not be publicly distributed and will remain only on internal networks (theoretically the internal network should be 100% secure). In this case, how hard will a developer try on IA? Say the database is SQL: would you worry about preventing SQL injection attacks in this situation?
I would be happy to hear some feedback from developers who write web-centric (I cannot think of a better word right now, though no web-centric is completely accurate. There is nothing and no one along those lines.) type programs, and how much they strive for security.
As an addendum, how would you handle this kind of requirement on a managerial basis?
I am currently conducting a case study of 'in-house' software development for IA, so any answer will be highly appreciated.
I take the approach that it does not matter what the final use of the product may be, because as the application developer I am responsible for ensuring the integrity of the application and ensuring its security. This offers two definite benefits:
1. Prevents bugs that you do not already see. For example, the same code that sanitizes the input before the database query also ensures that names like O'Leary will not break the normal execution of the application.
2. Prevents the malicious exploitation of #1.

About #2, if you are working as a developer for the company and system information is leaked by an employee, then it is likely that the software being used by them is the product. If you are working for a third party that is developing the software used by this company, and information from the company is leaked through a security hole in your software, then guess where they will turn for answers? Either way, all of this comes back to you as the application architect, and to the question of why the application was not much safer to start with.
I suggest that you match the strength of the security barriers you enforce to the sensitivity of the data you will be protecting. If it is high scores for WoW, then I would worry less than if I were developing an internal bank application.
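The two benefits listed in the answer above, shown on one query, as an added example that is not part of the original answer. The payroll table, the names and the helper functions are constructed for illustration, and the example uses Python's `sqlite3` with a bound parameter as one way to handle the input.

```python
import sqlite3

# Constructed sample data: a tiny in-memory payroll table (names and salaries are made up).
ROWS = [("O'Leary", 52000), ("Smith", 48000), ("Nguyen", 61000)]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE payroll (last_name TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO payroll VALUES (?, ?)", ROWS)
    return conn

def lookup_concat(conn, last_name):
    """'Before': the input is pasted into the SQL text, so it is parsed as SQL."""
    sql = "SELECT last_name, salary FROM payroll WHERE last_name = '" + last_name + "'"
    return conn.execute(sql).fetchall()

def lookup_param(conn, last_name):
    """'After': the input is bound as a value and never parsed as SQL."""
    sql = "SELECT last_name, salary FROM payroll WHERE last_name = ?"
    return conn.execute(sql, (last_name,)).fetchall()

def try_lookup(fn, conn, last_name):
    """Return the rows, or the string 'error' if the statement failed to parse."""
    try:
        return fn(conn, last_name)
    except sqlite3.OperationalError:
        return "error"

def compare(last_name):
    """Run the same lookup through both functions on a fresh database."""
    conn = make_db()
    return {"concat": try_lookup(lookup_concat, conn, last_name),
            "param": try_lookup(lookup_param, conn, last_name)}

if __name__ == "__main__":
    # Benefit 1: an honest user named O'Leary breaks the concatenated query.
    print(compare("O'Leary"))
    # Benefit 2: the same flaw lets a quote-bearing input rewrite the WHERE clause
    # and return every payroll row; the bound parameter just matches nothing.
    print(compare("x' OR '1'='1"))
    # Ordinary input behaves identically in both versions.
    print(compare("Smith"))
```

The concatenated version fails on the apostrophe for the same reason it can be abused: the input is parsed as SQL, which holds on an internal network as much as on a public one.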