I know security is pretty important for web applications, but what about Windows applications running in a corporate environment, network, not accessible from outside?

Do we need to treat security issues as “high” there, or because that is running in a safe environment, it does not matter much?

Let’s say a Windows Forms (.NET) application is running on a user’s machine in the corporate network and it has something like this issue:

**CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)**

If that is a web application, I understand the risk is super high. But in the case of the Windows app, should it be fixed or just ignored, especially if we consider the cost associated with fixing it?
