A Method for Developing Abuse Cases and Its Evaluation

  title={A Method for Developing Abuse Cases and Its Evaluation},
  author={I. Williams and X. Yuan and J. McDonald and Mohd Anwar},
  journal={J. Softw.},
To develop secure software, software engineers need to have the mindset of attackers. Developing abuse cases can help software engineers to think more like attackers. This paper describes a method for developing abuse cases based on threat modeling, attack patterns, and Common Weakness Enumeration. The method also includes ranking the abuse cases according to their risks. This method intends to help non-experts create abuse cases following a specific process, and leveraging the knowledge bases… Expand
4 Citations
Improving Penetration Testing Methodologies for Security-Based Risk Assessment
  • 4
Creating Abuse Cases Based on Attack Patterns: A User Study
Vulnerability Studies and Security Postures of IoT Devices: A Smart Home Case Study
  • 5


Developing Abuse Cases Based on Threat Modeling and Attack Patterns
  • 15
  • PDF
Retrieving relevant CAPEC attack patterns for secure software development
  • 11
Combining Misuse Cases with Attack Trees and Security Activity Models
  • 48
Using abuse case models for security requirements analysis
  • J. McDermott, C. Fox
  • Computer Science
  • Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99)
  • 1999
  • 491
  • PDF
How can the developer benefit from security modeling?
  • 22
Building secure software: how to avoid security problems the right way
  • 477
Software Security: Building Security In
  • G. McGraw
  • Engineering, Computer Science
  • 2006 17th International Symposium on Software Reliability Engineering
  • 2006
  • 737
  • Highly Influential
Misuse and Abuse Cases: Getting Past the Positive
  • 84
  • PDF
Misuse Cases: Use Cases with Hostile Intent
  • 368
  • PDF