Using a login system as an example, how would you model Misuse Cases?
Model the input fields as use cases ("Enter username", "Enter password", "Use system"), then draw an "Injection attack" MUC that exploits the two input fields and threatens the protected "Use system".
The login system has three use cases the legitimate User drives: Enter username, Enter password, and Use system. An attacker drives one Misuse Case — an Injection attack (black oval) — wired up like this:
- exploits → Enter username and Enter password: the input fields are where the malicious payload goes in.
- threatens → Use system: that's the asset put at risk — bypassing the login lets the attacker reach the system's real functionality.
Key insight: every input field is a candidate entry point, so each one gets an "exploits" arrow; the "threatens" arrow then points at whatever valuable use case the attack ultimately endangers. Mapping it this way tells you exactly where to put input validation (at the exploited fields) and what you're protecting (the threatened UC).