The document spells out the 10 common design flaws in a straightforward manner, each with a lengthy explainer of inherent weaknesses in each area and how software designers and architects should take these potential pitfalls into consideration. The 10, in no particular order, are:

• Earn or give, but never assume, trust
• Use an authentication mechanism that cannot be bypassed or tampered with
• Authorize after you authenticate
• Strictly separate data and control instructions, and never process control instructions received from untrusted sources
• Define an approach that ensures all data are explicitly validated
• Use cryptography correctly
• Identify sensitive data and how they should be handled
• Always consider the users
• Understand how integrating external components changes your attack surface
• Be flexible when considering future changes to objects and actors

via IEEE Guides Software Architects ToSecure Software Design | Threatpost | The first stop for security news.