From the course: CompTIA CySA+ (CS0-002) Cert Prep: 4 Software and Systems Security
Misuse case testing
- [Instructor] Most software testing makes a crucial assumption, that users will behave in expected ways. This is sometimes a reasonable assumption when testing software to make sure that it meets basic business requirements. However, it's a dangerous assumption to make when evaluating the security of software. Attackers will not behave in an expected manner or follow the rules and conventions that you set out for your software. Instead, they will fold, spindle, and mutilate your software, pushing its boundaries and trying to force it to fail. In those failures, hackers find critical security flaws that allow them to gain privileged access to a system, disrupt authorized user activity, or perform other malicious actions. Misuse case testing tries to evaluate software from the perspective of the attacker. Misuse case testing is closely related to penetration testing and should be performed at different stages of the…