CAPEC - Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC List
Full CAPEC Dictionary
Methods of Attack View
Reports
Submit Content

About CAPEC
Documents
Resources

Community
Use & Citations
Related Activities
Collaboration List
T-Shirt
Contact Us

News & Events
Calendar
Free Newsletter

Compatibility
Program
Requirements
Participants
Make a Declaration

Search the Site

News

•	"Use & Citations of CAPEC" Page Added to Community Section
•	CAPEC Project Actively Seeking Community Input
•	MITRE Hosts CAPEC Booth at Black Hat Briefings 2013
•	"Submit Content" Page Added to CAPEC List Section for Community Contributions
•	"CAPEC Schema Description Version 2.6" Document Updated
•	CAPEC Version 2.1 Now Available
•	CAPEC Mentioned in Article about Classifying Network Security Attacks on Certshelp.com

...more

Upcoming Events

•	CWE/CAPEC briefing at AppSec USA Conference Committee, November 18-21
•	DHS/DoD Software and Supply Chain Assurance (SSCA) Working Group Meeting, December 17-19

...more

Status Report

Version 2.1 was released on June 21, 2013, and includes the following: added 1 new "Deprecated Entries" View (CAPEC-483); deprecated 15 Web Application Security Consortium (WASC) entries; added various missing summaries and enhanced several entries; fixed some minor typos; recast code into code-formatting blocks; and overhauled References/Citations. The CAPEC Schema was updated to Version 2.6 to remove the capec:Reference_Description field, and to make the enumerated values whitespace-flexible. In addition, some max/minOccurs were changed/added to support content maintenance. The Schema Documentation was also updated to Version 2.6. Read the release notes.

CAPEC™ International in scope and free for public use, CAPEC is a publicly available, community-developed list of common attack patterns along with a comprehensive schema and classification taxonomy. Attack patterns are descriptions of common methods for exploiting software systems. They derive from the concept of design patterns applied in a destructive rather than constructive context and are generated from in-depth analysis of specific real-world exploit examples.

To respond effectively, the community needs to think outside of the box and have a firm grasp of the attacker’s perspective and the approaches used to exploit software systems. CAPEC provides this information to the community in order to help enhance security throughout the software development lifecycle and to support the needs of developers, testers, and educators.

Release 2.1 Available

Related Efforts
Cyber Observables (CybOX) Structured Threat Information (STIX) Malware (MAEC) Threat Information Exchange (TAXII)	Vulnerabilities (CVE) Software Weakness Types (CWE) Build Security In (BSI) Making Security Measurable (MSM)

Page Last Updated: October 23, 2013


	CAPEC is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2007 - 2013, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation. Contact capec@mitre.org for more information.	Privacy policy Terms of use Contact us