Security antipatterns are common insecure application design practices. Without anyone realizing it, such patterns “leave land mines” in the application’s core, which leads to recurring vulnerabilities and security issues. Meanwhile, all that patching can cost a fortune, especially in mature services.
Learning to recognize and avoid antipatterns in application design is an important skill that makes it possible to perform security design reviews and threat modeling sessions successfully.
The report examines the most common antipatterns encountered in large web applications. It also shows what problems and vulnerabilities are caused by such antipatterns.
The report will be of interest to AppSec specialists, architects, and web application developers, whose area of responsibility includes creating and designing service architectures.