Thursday, March 06, 2008

Security and defensive programming?

The first day of SDWEST, I attended a tutorial on security and defensive programming by Jim DelGrosso. I'm not quite sure that I was part of the appropriate audience, but only because most of what he talked about didn't really apply directly to what I do. Since I'm primarily developing Java code for internal applications, I can generally trust the user of the application to not be malicious. It was a very interesting presentation and I would recommend it to any developer who hasn't thought much about security and personal information protection on their own machines. There were lots of little gotchas for websites that had never even occurred to me. But as part of my work, I wouldn't run into any of them generally. At the end, he had lots of good points about how to think defensively when coding, and I like the recommendation to use unit tests to test security behaviors as well as correct behavior for valid inputs.
Jim provided a decent presentation that, as a result of my working on Java programs for internal work, just doesn't apply to me most of the time.
