From the course: CISSP Cert Prep (2021): 6 Security Assessment and Testing
Misuse case testing
- [Instructor] Some software testing makes a crucial assumption, that users will behave in expected ways. Now, this is sometimes reasonable when you're testing software to make sure that it meets basic business requirements. However, it's a dangerous assumption to make when evaluating the security of software. Attackers will not behave in an expected manner or follow the rules and conventions that you set out for your software. Instead, they're going to fold, spindle, and mutilate your software, pushing its boundaries and trying to force it to fail. In those failures, hackers find crucial security flaws that allow them to gain privileged access to a system, disrupt authorized user activity, or perform other malicious actions. Misuse case testing tries to evaluate software from the perspective of this attacker. Misuse case testing is closely related to penetration testing, but it's performed at different stages of the…