Abstract:
The software development industry often brings in security at the eleventh hour, right before developers throw the code over the wall - that is, deploy it into production - and asks, "Well, is it secure?" At this point, hilarity - for the objective observers, anyhow - ensues as security personnel work feverishly to shove crypto, firewalls, and all the other mechanisms at their disposal into the most egregious risk areas. To combat this antipattern, the software security discipline has worked to instantiate itself closer to the beginning of the software development life cycle (SDLC). After signing off on a software project, use cases represent the earliest opportunity for involvement. Misuse cases prescribe one such way for security to involve itself in early brainstorming. That article outlined misuse cases as a way to help analysts characterize what misuses or abuses attackers could promulgate against a system. This article extends this outline to how to create useful misuse cases within the development process.
Keywords:
DP industry; risk analysis; security of data; software development management; firewalls; misuse cases; security personnel; software development industry; software development life cycle; software security discipline; use cases; Authentication; Authorization; Computer aided software engineering; Computer architecture; Computer security; Data security; Databases; Feedback; Internet; Privacy