

What is a misuse case?

Understanding misuse cases

A use case from the point of view of an actor hostile to the system under design. A misuse case describes how an attacker might deliberately misuse a system, helping identify threats, vulnerabilities, and security requirements during the design phase. It inverts the traditional use case approach by focusing on malicious rather than legitimate user goals and interactions. This technique is part of threat modeling methodologies and secure development practices.

Organizations implement misuse cases during the requirements and design phases of system development, complementing security requirements with scenarios describing how attackers might target the system. For example, during the design of an e-commerce application, developers might create misuse cases describing how attackers could attempt to manipulate prices, exploit checkout processes, or access other users' orders, then design appropriate controls to prevent these attack scenarios.

Related terms: Threat modeling, Abuse case, Attack scenario, Security requirements, Secure SDLC, Risk assessment, Attack tree.
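The e-commerce misuse cases mentioned above, written out as an added example that is not part of the original glossary entry: each hostile goal is paired with the security requirement derived from it and a check that the control holds. The handlers, the sample data and names such as `checkout`, `get_order` and `mallory` are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed sample data: server-side price list (cents) and stored orders.
CATALOG = {"sku-1": 1999, "sku-2": 500}
ORDERS = {101: {"owner": "alice", "total": 1999}, 102: {"owner": "bob", "total": 500}}

class Rejected(Exception):
    """Raised when a control refuses a request."""

def checkout(user: str, items: list) -> int:
    """Return the order total; any client-supplied 'price' field is ignored."""
    total = 0
    for item in items:
        qty = item.get("qty")
        if item.get("sku") not in CATALOG:
            raise Rejected("unknown sku")
        if type(qty) is not int or not 1 <= qty <= 100:
            raise Rejected("invalid quantity")
        total += CATALOG[item["sku"]] * qty  # control: server-side price
    return total

def get_order(user: str, order_id: int) -> dict:
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user:  # control: ownership check
        raise Rejected("not found")  # same answer whether missing or not owned
    return order

def refused(call: Callable[[], object]) -> bool:
    try:
        call()
    except Rejected:
        return True
    return False

@dataclass
class MisuseCase:
    hostile_goal: str                   # what the hostile actor wants
    requirement: str                    # security requirement derived from it
    control_holds: Callable[[], bool]   # executable check of the control
MISUSE_CASES = [
    MisuseCase("pay a price chosen by the client", "totals use catalogue prices only",
               lambda: checkout("mallory", [{"sku": "sku-1", "qty": 1, "price": 1}]) == 1999),
    MisuseCase("reduce the total with a negative quantity", "quantity must be 1..100",
               lambda: refused(lambda: checkout("mallory", [{"sku": "sku-2", "qty": -3}]))),
    MisuseCase("read another user's order", "orders are returned to their owner only",
               lambda: refused(lambda: get_order("mallory", 101))),
]
def evaluate() -> dict:
    return {m.hostile_goal: m.control_holds() for m in MISUSE_CASES}  # True = control held
```

Keeping the misuse cases in a list like this lets the same scenarios written at design time run later as regression checks.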
