I am doing a risk assessment and some techie keeps hitting me with terminology that I need some clarity on. Basically I am going through all my web apps and running a standard set of tests against them. I keep getting told that "host based" systems are also at risk, which yes fair enough any type of app is but I am not 100% sure what people mean when they say host based system. Am i right in thinking that host based means its a system that is hosted on a non public server (with a private IP) and that is only accessible to a limited population of users, i.e. ip range being our private ip addresses inside our LAN? Am I right in assuming this? No links please experts..