News
CAPEC List Version 1.7.1 Now Available
CAPEC/Making Security Measurable booth at Black Hat Briefings 2012
CAPEC/CybOX/STIX keynote briefing at CyberPatterns 2012
Briefing Slides from Security Automation Developer Days 2012 Now Available
CAPEC/CybOX/CWE/Software Assurance briefings at DHS/DoD SwA Working Group Meeting
Upcoming Events
CAPEC/Making Security Measurable booth at 2012 Information Assurance Expo, August 27-30
CAPEC/MAEC/CWE/SwA briefings at DHS/DoD SwA Forum Session, September 18-20
Status Report
Version 1.7.1 includes: mapping CAPEC-113 (API Abuse/Misuse) to the Common Weakness Enumeration’s (CWE™) CWE-676 (Use of Potentially Dangerous Function); adding new summary descriptions for CAPEC-223 (Probabilistic Techniques), CAPEC-225 (Exploitation of Authentication), CAPEC-232 (Exploitation of Privilege/Trust), and CAPEC-255 (Data Structure Attacks); and modifying the summary description for CAPEC-156 (Spoofing). Schema updates included modifying the schema import so that CAPEC v1.7.1 now imports Cyber Observable eXpression (CybOX™) Version 1.0 (Draft).
More Information
capec@mitre.org

CAPEC™

International in scope and free for public use, CAPEC is a publicly available, community-developed list of common attack patterns along with a comprehensive schema and classification taxonomy. Attack patterns are descriptions of common methods for exploiting software systems. They derive from the concept of design patterns applied in a destructive rather than constructive context and are generated from in-depth analysis of specific real-world exploit examples.

To respond effectively, the community needs to think outside of the box and have a firm grasp of the attacker's perspective and the approaches used to exploit software systems. CAPEC provides this information to the community in order to help enhance security throughout the software development lifecycle and to support the needs of developers, testers, and educators.

Release 1.7.1 Available

Related Efforts
Cyber Observables (CybOX)
Malware (MAEC)
Log Format (CEE)
Platforms (CPE)
Configurations (CCE)
Software Weakness Types (CWE)
Weakness Scoring System (CWSS)
Vulnerability Scoring System (CVSS)
Vulnerabilities (CVE)
Assessment Language (OVAL)
Build Security In
Making Security Measurable
 
Page Last Updated: August 10, 2012
 

CAPEC is co-sponsored by the National Cyber Security Division’s Software Assurance program at the U.S. Department of Homeland Security.

This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2007 - 2012, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation. Contact capec@mitre.org for more information.
