CAPEC - Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC List
Full CAPEC Dictionary
Methods of Attack View
Reports

About CAPEC
Documents
Resources

Community
Related Activities
Collaboration List
T-Shirt

News & Events
Calendar
Free Newsletter

Contact Us
Search the Site

News

•	MITRE Announces Initial "Making Security Measurable" Calendar of Events for 2012
•	CAPEC/CWE/MAEC/Software Assurance briefings at DHS/DoD SwA Working Group Meeting Session
•	CAPEC/CybOX/MAEC Briefings at Open Group Security Workshop
•	CAPEC/CWE/SwA Briefing at U.S Coast Guard Operations Systems Center
•	CAPEC Briefing and Panel Discussion at Defense Daily Open Architecture Summit 2011

...more

Upcoming Events

•	CAPEC/Making Security Measurable booth at RSA Conference 2012, February 27 - March 2, 2012

...more

Status Report

Version 1.6 includes: 75 new attack patterns within 3 new pattern categories: Physical Security Attacks, Social Engineering Attacks, and Supply Chain Attacks. There were also significant revisions to the Observables sub-schema.

More Information

capec@mitre.org

CAPEC™ International in scope and free for public use, CAPEC is a publicly available, community-developed list of common attack patterns along with a comprehensive schema and classification taxonomy. Attack patterns are descriptions of common methods for exploiting software systems. They derive from the concept of design patterns applied in a destructive rather than constructive context and are generated from in-depth analysis of specific real-world exploit examples.

To respond effectively, the community needs to think outside of the box and have a firm grasp of the attacker's perspective and the approaches used to exploit software systems. CAPEC provides this information to the community in order to help enhance security throughout the software development lifecycle and to support the needs of developers, testers, and educators.

Release 1.6 Available

Related Efforts
Cyber Observables (CybOX) Malware (MAEC) Log Format (CEE) Platforms (CPE) Configurations (CCE) Software Weakness Types (CWE)	Weakness Scoring System (CWSS) Vulnerability Scoring System (CVSS) Vulnerabilities (CVE) Assessment Language (OVAL) Build Security In Making Security Measurable

Page Last Updated: January 06, 2012


	CAPEC is a Software Assurance strategic initiative co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2009 - 2012, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation. Contact capec@mitre.org for more information.	Privacy policy Terms of use Contact us