Testing that focuses on functions a system should not allow exemplifies which type of testing?

Test your knowledge and grow your confidence for the CISSP Domain 6 Security Assessment and Testing Exam with our insightful quiz. Explore multiple-choice questions, hints, and explanations to excel in your exam preparations.

Misuse case testing is a critical component of security assessment that focuses on identifying and validating the various ways in which a system can be misused or attacked. This type of testing is designed to uncover potential vulnerabilities by simulating scenarios where a user attempts to perform actions that the system should not allow. It helps ensure that the security controls are robust and that the system behaves correctly even in the face of attempted misuse.

By targeting functions that should be denied, misuse case testing aims to discover weaknesses in authentication, access controls, and other security mechanisms. It enhances the understanding of how a system can be manipulated beyond its intended use, thereby contributing to a more secure design and implementation.

This approach contrasts with functional testing, which validates that a system performs its intended functions. Regression testing is focused on ensuring that new changes do not break existing functionality, while performance testing evaluates how a system behaves under load, rather than focusing on inappropriate uses of the system. Thus, misuse case testing is distinctly suited to identifying and fortifying security weaknesses by examining the boundaries of acceptable use.
