Misuse case testing

- [Instructor] Most software testing…makes a crucial assumption,…that users will behave in expected ways.…This is sometimes a reasonable assumption…when testing software to make sure…that it meets basic business requirements.…However, it's a dangerous assumption to make…when evaluating the security of software.…Attackers will not behave in an expected manner…or follow the rules and conventions…that you set out for your software.…Instead, they will fold, spindle and mutilate…your software, pushing it's boundaries…and trying to force it to fail.…

In those failures, hackers find critical security flaws…that allow them to gain privileged access…to a system, disrupt authorized user activity…or perform other malicious actions.…Misuse case testing tries to evaluate software…from the perspective of the attacker.…Misuse case testing is closely related…to penetration testing…and should be performed at different stages…of the software development process.…In misuse case testing,…developers attempt many of the same software abuses…