Misuse case testing tries to evaluate software from the perspective of an attacker. It is closely related to penetration testing, but should be performed at different stages of the software development process. In this video, learn how developers attempt many of the same software abuses that attackers will try once the software is deployed in production.
- [Instructor] Most software testing…makes a crucial assumption,…that users will behave in expected ways.…This is sometimes a reasonable assumption…when testing software to make sure…that it meets basic business requirements.…However, it's a dangerous assumption to make…when evaluating the security of software.…Attackers will not behave in an expected manner…or follow the rules and conventions…that you set out for your software.…Instead, they will fold, spindle and mutilate…your software, pushing it's boundaries…and trying to force it to fail.…
In those failures, hackers find critical security flaws…that allow them to gain privileged access…to a system, disrupt authorized user activity…or perform other malicious actions.…Misuse case testing tries to evaluate software…from the perspective of the attacker.…Misuse case testing is closely related…to penetration testing…and should be performed at different stages…of the software development process.…In misuse case testing,…developers attempt many of the same software abuses…
- Risk management actions
- Ongoing risk management
- Risk management frameworks
- Scanning for threats and vulnerabilities
- Advanced vulnerability scanning
- Monitoring log files
- Code review and code tests
- Test coverage analysis
Skill Level Intermediate
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover identifying threats, understanding attacks, technology and process remediation, remediating vulnerabilities, and security monitoring. In addition, the following topics were updated: risk management and monitoring log files.
IT Security Foundations: Core Conceptswith Lisa Bock1h 13m Beginner
Insights from a Cybersecurity Professionalwith Mike Chapple32m 15s Intermediate
1. Risk Management
2. Threat Modeling
3. Threat Assessment
4. Remediating Vulnerabilites
5. Security Monitoring
6. Software Testing
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.