Simon Willison’s Weblog

What are key considerations when building behind the firewall web apps?

My answer to What are key considerations when building behind the firewall web apps? on Quora

CSRF and XSS are still important: don’t leave any security vulnerabilities which might allow an evil website out on the internet to run JavaScript that steals data from your behind-the-firewall web application.
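An added example (not part of the original answer) covering the CSRF half of that point: a server-side check an internal app can apply so that a page on the public internet cannot drive state-changing requests through a logged-in user's browser. The origin `https://intranet.example.internal`, the secret, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumed values for this sketch: the internal app's own origin and a server-side secret.
TRUSTED_ORIGINS = {"https://intranet.example.internal"}
SECRET_KEY = b"constructed-demo-secret"
# Assumes the app never changes state on these methods.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def csrf_token_for(session_id: str) -> str:
    """Derive a per-session CSRF token with HMAC-SHA256 over the session id."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def origin_of(url: str) -> str:
    """Reduce an Origin or Referer value to scheme://host[:port]."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def allow_request(method, headers, session_id, submitted_token):
    """Return (allowed, reason) for a request to the internal app.

    `headers` is a dict keyed by canonical header names ("Origin", "Referer").
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # Browsers attach Origin (or at least Referer) to cross-site form posts
    # and fetches; a state-changing request carrying neither is refused.
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False, "missing Origin/Referer"
    # An opaque origin ("null") or any external site fails this comparison.
    if origin_of(source) not in TRUSTED_ORIGINS:
        return False, "cross-origin request"
    # Second layer: a token an outside page cannot read or guess.
    expected = csrf_token_for(session_id).encode()
    if not hmac.compare_digest(expected, (submitted_token or "").encode()):
        return False, "bad CSRF token"
    return True, "ok"
```

The token check only holds if the app is also free of XSS, since script injected into the app's own origin can read the token and send same-origin requests.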