So I've recently got my first dev job (hurrah!) And will be starting in a few weeks time. I'm lucky enough to be simply changing roles in the same company so it's given me the opportunity to look at source code and current setup before starting.

In this new role it will be a case of creating new applications and converting existing PHP and MVC applications to .NET Core in a bid to standardise the technology we use.

All the applications we use currently are internal intranet applications using Active Directory to authenticate users and looking at the code, it looks as though security hasn't been looked at at all so either it isn't necessary or our applications are a security risk.

So my question is, in an internal environment, are there certain recommendations for security? Should security be dealt with as if it was an external application? Or is the internal network/firewall and domain security sufficient (assuming correct setup etc).

Hope that makes sense, any help greatly appreciated.