Insecure Design

With a good sketch of your system, it can help to apply the STRIDE model for identifying threats at each access point.

ThreatDesired property
SpoofingAuthenticity
TamperingIntegrity
RepudiationNon-repudiability
Information DisclosureConfidentiality
Denial of ServiceAvailability
Elevation of PrivilegeAuthorization

Created in 1999 by two Microsoft security researchers, STRIDE remains a useful approach to categorizing potential issues.