The majority of enterprise systems have ongoing critical flaws (clustered around Authentication, Authorization and Identity) that fall outside the classic "Top N" lists organizations use for training and assessment. Jumping beyond the common test for “bugs” mentality, this talk discusses architecture analysis and presents patterns to secure designs addressing these critical flaws.