Rod at work (7/30/2015)
Steve, et. al., I've got to ask a clarifying question. Are you speaking about applications that are outward facing? Perhaps what you're saying may not apply to in-house only applications?
I think you need to code securely (and config securely) as much as possible. Plenty of the breaches have occurred because one machine lets an attacker in and they then move through internal systems. Assuming those are protected is a bad idea.