Test the End-to-End Solution
When it comes to building secure distributed applications, no technology or feature is an island. A solution is the sum of its parts. Even the most detailed and well-considered design is insecure if one part of the solution is weak. As a tester, you need to find that weakest link, have it mitigated, and move on to the next-weakest link.
TIP
Keep in mind that sometimes two or more relatively secure components become insecure when combined!