# Security Tests Template

Save as `DOCUMENT_DIR/tests/security-tests.md`.

---

```markdown
# Security Tests

### NFT-SEC-01: [Test Name]

**Summary**: [What security property this validates]
**Traces to**: AC-[ID], RESTRICT-[ID]

**Steps**:

| Step | Consumer Action | Expected Response |
|------|----------------|------------------|
| 1 | [attempt unauthorized access / injection / etc.] | [rejection / no data leak / etc.] |

**Pass criteria**: [specific security outcome]
```

---

## Guidance Notes

- Security tests at blackbox level focus on black-box attacks (unauthorized API calls, malformed input), not code-level vulnerabilities.
- Verify the system remains operational after security-related edge cases (no crash, no hang).
- Test authentication/authorization boundaries from the consumer's perspective.