Input sanitisation / validation
Planning for contingencies
Anticipating misuse
e.g. SQL injection attack
Authentication