From the course: CompTIA CySA+ (CS0-002) Cert Prep: 4 Software and Systems Security

Misuse case testing

- [Instructor] Most software testing makes a crucial assumption, that users will behave in expected ways. This is sometimes a reasonable assumption when testing software to make sure that it meets basic business requirements. However, it's a dangerous assumption to make when evaluating the security of software. Attackers will not behave in an expected manner or follow the rules and conventions that you set out for your software. Instead, they will fold, spindle, and mutilate your software, pushing its boundaries and trying to force it to fail. In those failures, hackers find critical security flaws that allow them to gain privileged access to a system, disrupt authorized user activity, or perform other malicious actions. Misuse case testing tries to evaluate software from the perspective of the attacker. Misuse case testing is closely related to penetration testing and should be performed at different stages of the…
