Insecure design encompasses the risks that arise from ignoring design and architectural best practices, starting in the planning phase, before any implementation is written. Although insecure design is a new entrant to the OWASP Top 10, it ranks number four on the 2021 list, since mitigating risks at the design phase is considered fundamental to 'shift left' security practices. This article discusses insecure design flaws, their potential impacts, and mitigation strategies.

What are Insecure Design Vulnerabilities?

A lack of effective security controls in the design phase often leaves an application susceptible to many weaknesses, collectively known as insecure design vulnerabilities. These vulnerabilities are a consequence of not adhering to security best practices while designing an application: they arise when developers, QA, and/or security teams fail to anticipate and evaluate threats during the design phase. A quick point to note here is that an insecure design differs from an insecure implementation. A flawed implementation of a sound design can be fixed by correcting the code, whereas a near-perfect implementation cannot prevent defects that are built into an insecure design. When designing applications, developers are recommended to use secure design patterns, diligently planned threat modeling, and reference architectures that keep the application free of security gaps.