You've been asked to review the security of a newly developed internal web application before broader employee rollout. The goal is to determine whether it is safe to launch, what risks need to be addressed first, and what level of assurance is appropriate for an internal tool.
Walk me through how you would conduct a security assessment on a newly developed internal web application.