Insecure Design

With a good sketch of your system, it can help to apply the STRIDE model for identifying threats at each access point.

Threat Desired property
Spoofing Authenticity
Tampering Integrity
Repudiation Non-repudiability
Information Disclosure Confidentiality
Denial of Service Availability
Elevation of Privilege Authorization

Created in 1999 by two Microsoft security researchers, STRIDE remains a useful approach to categorizing potential issues.