Over time, experienced security professionals see the same programming mistakes occur over and over again. In application security, these are usually found either in the design of the software or in the way that this design is implemented—in how the code is written.