Misuse case testing tries to evaluate software from the perspective of an attacker. It is closely related to penetration testing, but should be performed at different stages of the software development process. In this video, learn how developers attempt many of the same software abuses that attackers will try once the software is deployed in production.
- [Instructor] Most software testing makes a crucial assumption, that users will behave in expected ways. This is sometimes a reasonable assumption when testing software to make sure that it meets basic business requirements. However, it's a dangerous assumption to make when evaluating the security of software. Attackers will not behave in an expected manner or follow the rules and conventions that you set out for your software. Instead, they will fold, spindle and mutilate your software, pushing its boundaries and trying to force it to fail.
In those failures, hackers find critical security flaws that allow them to gain privileged access to a system, disrupt authorized user activity or perform other malicious actions. Misuse case testing tries to evaluate software from the perspective of the attacker. Misuse case testing is closely related to penetration testing and should be performed at different stages of the software development process. In misuse case testing, developers attempt many of the same software abuses…
Updated: 5/18/2018
Released: 1/11/2018
- Risk management actions
- Ongoing risk management
- Risk management frameworks
- Scanning for threats and vulnerabilities
- Advanced vulnerability scanning
- Monitoring log files
- Code review and code tests
- Test coverage analysis
Skill Level Intermediate
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover identifying threats, understanding attacks, technology and process remediation, remediating vulnerabilities, and security monitoring. In addition, the following topics were updated: risk management and monitoring log files.
Related Courses
- Insights from a Cybersecurity Professional, with Mike Chapple (32m 15s, Intermediate)
Introduction
- Welcome (1m 26s)

1. Risk Management
- Risk management (4m 52s)
- Quantitative risk assessment (6m 41s)
- Risk management actions (4m 3s)
- Ongoing risk management (2m 26s)
- Risk management frameworks (3m 47s)

2. Threat Modeling
- Identifying threats (2m 21s)
- Understanding attacks (4m 11s)

3. Threat Assessment
- Security assessment tools (5m 21s)
- Assess threats (3m 14s)
- Threat assessment techniques (2m 41s)
- Penetration testing (2m 36s)
- Interpreting CVSS scores (3m 22s)
- Analyzing scan reports (3m 59s)

4. Remediating Vulnerabilities
- Report scan results (4m 43s)
- Prioritize remediation (3m 46s)

5. Security Monitoring
- Monitor log files (6m 20s)
- Visualization and reporting (3m 22s)
- Compliance monitoring (2m 45s)

6. Software Testing
- Code review (2m 50s)
- Code tests (2m 41s)
- Fuzz testing (6m 44s)
- Interface testing (3m 29s)
- Misuse case testing (2m 37s)
- Test coverage analysis (2m 44s)

Conclusion
- What's next? (43s)