The purpose of this assignment is to understand how to apply security and quality checks to requirements gathered for a software development project.
Review the Requirements.doc file to learn about the requirements gathered for a new software development project.
Generate a list of bad actors for the use case. Describe whom you identified as a threat and what his or her motive might be.
Identify any weaknesses you see in the proposed software design, in terms of quality or security.
Generate a list of threats/attacks that might be used against the current use case. (See page 123 in the text, the SANS Top 20 list, and other online references for additional help in identifying attacks.)
Describe the possible impact(s) of each threat in your list.
Order your list of threats from greatest impact to least.
Choose one of the threats from your list and create a misuse case describing the possible actor(s), the actor’s possible motivations, the vulnerability/weakness targeted, possible threat(s), possible impact(s) of the threat, and ways in which the threat could be executed. Attempt to describe any possible remediation or countermeasures that could be applied to the use case to counter the threat.
Use the following four section headings in your document to address the items above:
Bad Actor(s) and Motivation(s) (bullet list or two-column table)
Potential Weaknesses (bullet list)
Possible Threats/Attacks and their Impact, ordered from greatest impact to least (#1 is greatest impact – use a table with order number in the first column, threat/attack in the second column, and description of impact(s) in the third column)
Misuse Case (include the following subheadings – note this can be text only, no diagram required)
  Possible Actor(s) and Motivation(s)
  Possible Impact(s) of the Threat(s)
  Ways the Threat(s) could be Executed