Defensive Design

Input sanitisation / validation

Planning for contingencies

Anticipating misuse

e.g. sql injection attack

Authentication