CAPEC - Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC List
Full CAPEC Dictionary
Methods of Attack View
Reports

About CAPEC
Documents
Resources

Community
Related Activities
Collaboration List
T-Shirt

News & Events
Calendar
Free Newsletter

Compatibility
Program
Requirements
Make a Declaration
Contact Us
Search the Site

News

•	CAPEC List Version 1.7.1 Now Available
•	Registration Now Open for MITRE’s Security Automation Developer Days 2012 on July 9-13
•	CAPEC/CWE/SAFES and CWRAF briefings at Systems & Software Technology Conference 2012
•	“Software Assurance in the DoD” discussion panel at Security Solutions 2012
•	CAPEC/Making Security Measurable booth at InfoSec World 2012
•	CAPEC Compatibility Section Added to CAPEC Web Site

...more

Upcoming Events

•	CAPEC/CWE/Software Assurance briefing at (ISC)² SecureSDLC 2012, May 17
•	CAPEC/CybOX/MAEC/CWE/Software Assurance briefings at DHS/DoD SwA Working Group Meeting, June 25-29

...more

Status Report

Version 1.7.1 includes: mapping CAPEC-113 (API Abuse/Misuse) to the Common Weakness Enumeration’s (CWE™) CWE-676 (Use of Potentially Dangerous Function); adding new summary descriptions for CAPEC-223 (Probabilistic Techniques), CAPEC-225 (Exploitation of Authentication), CAPEC-232 (Exploitation of Privilege/Trust), and CAPEC-255 (Data Structure Attacks); and modifying the summary description for CAPEC-156 (Spoofing). Schema updates included modifying the schema import so that CAPEC v1.7.1 now imports Cyber Observable eXpression (CybOX™) Version 1.0 (Draft).

More Information

capec@mitre.org

CAPEC™ International in scope and free for public use, CAPEC is a publicly available, community-developed list of common attack patterns along with a comprehensive schema and classification taxonomy. Attack patterns are descriptions of common methods for exploiting software systems. They derive from the concept of design patterns applied in a destructive rather than constructive context and are generated from in-depth analysis of specific real-world exploit examples.

To respond effectively, the community needs to think outside of the box and have a firm grasp of the attacker's perspective and the approaches used to exploit software systems. CAPEC provides this information to the community in order to help enhance security throughout the software development lifecycle and to support the needs of developers, testers, and educators.

Release 1.7.1 Available

Related Efforts
Cyber Observables (CybOX) Malware (MAEC) Log Format (CEE) Platforms (CPE) Configurations (CCE) Software Weakness Types (CWE)	Weakness Scoring System (CWSS) Vulnerability Scoring System (CVSS) Vulnerabilities (CVE) Assessment Language (OVAL) Build Security In Making Security Measurable

Page Last Updated: May 10, 2012


	CAPEC is co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2009 - 2012, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation. Contact capec@mitre.org for more information.	Privacy policy Terms of use Contact us