diff --git a/Exercise/Writeup/lab02.md b/Exercise/Writeup/lab02.md
new file mode 100644
index 0000000..f2c64e9
--- /dev/null
+++ b/Exercise/Writeup/lab02.md
@@ -0,0 +1,28 @@
+# Lab 2: Secure Software Design
+
+[WriteMd](https://writemd.rz.tuhh.de/876-Mxb3SeupKelDQ7eTvA?view)
+
+## Security Requirements
+
+Security Pattern [Catalog](https://people.cs.kuleuven.be/~koen.yskout/icse15/catalog.pdf).
+
+### Security Requirement Analysis
+
+| Task | Title | Pattern idea | Tactics |
+| - | -------- | -------- | -------- |
+| A | Enforce Password Policy, Single sign-on, Strong Authentication, Smart Cards | Credential Tokenizer, Single Sign-on, (Single Access Point) | Authenticate Users, Limit Exposure |
+| B | User data disclosure and write protection | Encrypted Storage |
+| C | Isolation of critical and non-critical domains | Server Sandbox, (DMZ) |
+| D | Do not require login on every transaction | Session, Load Balancing (-> JWT) |
+| E | Bank Clerk Operation Tracking | Secure Logger |
+| F | Bank Account Information Privacy, Transaction Authorization | MFA, Fraud Detection |
+| G | Mobile Device Communication Security | PKI, Public-Private Key Encryption -> Secure Pipe |
+
+## Security Tactics
+
+Possible exam question: Name the differences between patterns and tactics and name a few of each category.
+
+*aka. goals*
+
+## Security Patterns
+*e. g. SSO, MFA, OTP*