Insecure design is, as the name implies, where the vulnerability is as a result of flawed design rather than flawed implementation. As an example, let's imagine an app with a "Forgot your Password" button. When clicked, the user is asked a security question (e.g. "What was your paternal grandmother's first name?"). This is insecure design: a hacker might know the user's grandmother's name. Knowing the name does not authenticate the user. However well this design is implemented, it is still insecure.
Preventing Insecure Design
Unit and integration test misuse of your application
Create or identify a set of secure design patterns for your product to use
Integrate security language and controls into user stories
Limit resource consumption by user or service (e.g. rate limiting)