OWASP and application threat modeling

Common risk classes (e.g. OWASP Top 10) and attack scenarios in requirements and architecture.