Potential threats in the system can be detected by threat modeling, and methods to defense those threats shall be considered at the time of software architecture design, i.e. How to realize the access control? How to filter users’ input data? To increase the stability of security functions and reduce development costs, existing security libraries and security API, rather than redeveloped ones, shall be chosen as far as possible.
Some security libraries and security API: