Secure design principles (SDPs) are employed as a defense against many types of attacks. However, it has been shown that software developers are either unfamiliar with the notion of SDPs or do not know how to implement them at the design stage. This paper tries to bridge this gap by applying SDPs to a real-world software project, an electronic promotion system (ePS), and commenting on the contribution of each SDP. Saltzer and Schroeder's eight principles, along with three additional principles proposed by others, were chosen to be applied to ePS. The results indicate that most of the principles enumerated here were instrumental and were applied in the design of ePS. Most of the eleven SDPs, namely economy of mechanism, fail-safe defaults, least privilege, least common mechanisms, sound authentication, defense in depth, and input validation, were implemented in ePS to a great extent. Others, namely separation of privileges and psychological acceptability, were applied to a limited extent. The remaining two principles, complete mediation and open design, did not play a vital role, as ePS by itself satisfies these two principles. Some contradictions and interrelations among the SDPs that arose when they were applied are also discussed. Taking into account the integration of ePS with other enterprise systems in the same organization, it was felt that placing SDPs in a general context would be beneficial and sufficient. This work will bridge the gap between software practitioners and state-of-the-art research on software SDPs.