Software security is a growing concern nowadays, leading to the increasing adoption of a secure by design approach to software development. In such approach, software systems are designed from the ground up to be resilient against attacks. In spite of the growing efforts into addressing security concerns early on during software development, mistakes can be made that lead to vulnerabilities. This tutorial will cover several examples of these mistakes (“software weaknesses”) that can occur during software design as well as during implementation, maintenance, and testing. It will also explain current state-of-the-art in software security research aimed at helping secure by design software development.