diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 00000000..2d01d656 Binary files /dev/null and b/.DS_Store differ diff --git a/README.md b/README.md index 2c2f2dbc..13248a9c 100644 --- a/README.md +++ b/README.md 
@@ -1567,12 +1567,24 @@ Security is a broad topic. Unless you have considerable experience, a security * Sanitize all user inputs or any input parameters exposed to user to prevent [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting) and [SQL injection](https://en.wikipedia.org/wiki/SQL_injection). * Use parameterized queries to prevent SQL injection. * Use the principle of [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege). +* Threat Model with [STRIDE from Microsoft](https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats) +* Rate Limit Requests to mitigate service distruption and [DDOS](https://catalog.us-east-1.prod.workshops.aws/workshops/4d0b27bc-9f48-4356-8242-d13ca057fff2/en-US/application-layer-defense/rate-based-rules#:~:text=You%20are%20able%20to%20set,the%20protection%20from%20HTTP%20floods). +* Implement a [Web Application Firewall to protect web applications from Exploits](https://aws.amazon.com/waf/) +* If Service A trusts Service B and B Trusts Service C: Service A should not explicitly trust Service A +* Implement a Silo, Pool or Bridge model for [Multi-Tenancy SaaS Applications](https://docs.aws.amazon.com/whitepapers/latest/saas-architecture-fundamentals/tenant-isolation.html) +* Security by Obscurity is Okay and Good but it should not be counted on ex: [Port Knocking](https://en.wikipedia.org/wiki/Port_knocking) +* [Security Architecture Design Principles](https://www.youtube.com/watch?v=443KZj-qjI8&t=756s) +* Compromise Recording - All control plane activity should be logged and monitored. +* Fail Safe Defaults: When a mechanism fails it should Fail Close. Example: If the Logging system is full then no additional traffic should be allowed, because an attacker may artificially fill up the log. 
+ + ### Source(s) and further reading * [API security checklist](https://github.com/shieldfy/API-Security-Checklist) * [Security guide for developers](https://github.com/FallibleInc/security-guide-for-developers) * [OWASP top ten](https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet) +* [ATT&CK Matrix](https://attack.mitre.org/) ## Appendix diff --git a/solutions/.DS_Store b/solutions/.DS_Store new file mode 100644 index 00000000..513107bb Binary files /dev/null and b/solutions/.DS_Store differ
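Review bot: the transitive-trust bullet in the README hunk contradicts itself: "If Service A trusts Service B and B Trusts Service C: Service A should not explicitly trust Service A" names A twice, so the intended point (that trust is not transitive and A should not implicitly trust C) is lost; suggest "If Service A trusts Service B and B trusts Service C, A should not implicitly trust C." Two smaller wording issues in the same hunk: "Fail Close" should read "fail closed", and "Security by Obscurity is Okay and Good but it should not be counted on" would be clearer as "Obscurity (e.g. port knocking) can add a layer, but it must never be the only control", so the bullet does not read as an endorsement. Typos: "distruption" -> "disruption", "DDOS" -> "DDoS". Style: the existing bullets in this list are sentence-case and end with a period, while the added ones are Title Case without periods; match the surrounding style. The rate-limiting link is an AWS workshop URL with a `#:~:text=` fragment, which is fragile; a stable reference (for example the OWASP or Wikipedia page on rate limiting) would be more durable.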
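Review bot: the two binary files `.DS_Store` and `solutions/.DS_Store` are macOS Finder metadata and should not be part of this change; drop them from the commit and add `.DS_Store` to `.gitignore` so they are not re-added.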