Use & Citations of CAPEC

This page lists community usage of CAPEC by Industry, Government, Academia, Policy/Guidance, Reference, and Standards. A running count of the number of citations by category is also included.

Total: 51

Industry

A Cyber Attack Modeling and Impact Assessment Framework [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

Igor Kotenko and Andrey Chechulin. "A Cyber Attack Modeling and Impact Assessment Framework". 5th International Conference on Cyber Conflict IEEE. 2013-06. <http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6568374>.

A Model for Structuring and Reusing Security Requirements Sources and Security Requirements [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Christian Schmitt and Peter Liggesmeyer. "A Model for Structuring and Reusing Security Requirements Sources and Security Requirements". 21st International Conference on Requirements Engineering. 2015-03. <http://ceur-ws.org/Vol-1342/04-CRE.pdf>.

A novel approach to evaluate software vulnerability prioritization [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Chien-Cheng Huang, Feng-Yu Lin, Frank Yeong-Sung Lin and Yeali S. Sun. "A novel approach to evaluate software vulnerability prioritization". Issue 11. The Journal of Systems and Software. Vol.86. Department of Information Management, National Taiwan University. 2013. <http://dx.doi.org/10.1016/j.jss.2013.06.040>.

A Review of the Vulnerabilities of Web Applications [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

Ravneet Kaur Sidhu. "A Review of the Vulnerabilities of Web Applications". International Journal of Computer Science and Mobile Computing. 2013-09. <http://www.ijcsmc.com/docs/papers/September2013/V2I9201334.pdf>.

A Security Analysis Framework Powered by an Expert System [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

Maher Mohamed Gamal, Dr. Bahaa Hasan and Dr. Abdel Fatah Hegazy. "A Security Analysis Framework Powered by an Expert System". Book: 2011 Volume 4, Issue 6. International Journal of Computer Science and Security (IJCSS). Computer Science Journals. 2011-08-02. <http://www.cscjournals.org/csc/download/issuearchive/IJCSS/volume4/IJCSS_V4_I6.pdf#page=17>.

A Testbed and Process for Analyzing Attack Vectors and Vulnerabilities in Hybrid Mobile Apps Connected to Restful Web Services [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Matthew L. Hale and Seth Hanson. "A Testbed and Process for Analyzing Attack Vectors and Vulnerabilities in Hybrid Mobile Apps Connected to Restful Web Services". 2015-09. 2015 IEEE World Congress on Services. 2015. <http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7196523&tag=1>.

An Approach to Counteracting the Common Cyber-attacks According to the Metric-Based Model [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Mohammad Sirwan Geramiparvar and Nasser Modiri. "An Approach to Counteracting the Common Cyber-attacks According to the Metric-Based Model". International Journal of Computer Science and Network Security (IJCSNS). 2015-02. <http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=12127CB3A99507F7A6897B91CA5B3E10?doi=10.1.1.696.9754&rep=rep1&type=pdf>.

An overview of vulnerability assessment and penetration testing techniques [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Sugandh Shah and B. M. Mehtre. "An overview of vulnerability assessment and penetration testing techniques". Issue 1. Journal of Computer Virology and Hacking Techniques. Volume 11. 2014-11. <http://rd.springer.com/article/10.1007/s11416-014-0231-x>.

Analyzing Attack Strategies Through Anti-goal Refinement [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Tong Li, Elda Paja, Kristian Beckers, Jennifer Horkoff and John Mylopoulos. "Analyzing Attack Strategies Through Anti-goal Refinement". Proceedings of The Practice of Enterprise Modeling: 8th IFIP WG 8.1. Working Conference, PoEM 2015. Springer. 2015-11. <https://books.google.com/books?id=kSfUCgAAQBAJ&printsec=frontcover&source=gbs_ge_summary_r&cad=0>.

Applied Vulnerability Detection System [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Jeffrey Smith, Basil Krikeles, David K. Wittenberg and Mikael Taveniku. "Applied Vulnerability Detection System". 2015 IEEE International Symposium on Technologies for Homeland Security (HST). XXXX-XX-XX. <http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7225296>.

Attack pattern ontology: A common language for attack information sharing between organizations [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Uses Specific CAPEC Info: Makes use of specific information from CAPEC; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID]

Yiwen Zhu. "Attack pattern ontology: A common language for attack information sharing between organizations". PUBLICATION. TU Delft. 2015-08. <http://resolver.tudelft.nl/uuid:611583f1-b200-4851-915e-76a43c42fd46>.

Automated analysis of security requirements through risk-based argumentation [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Uses Specific CAPEC Info: Makes use of specific information from CAPEC; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID]

Yijun Yu, Thein Than Tun, Roel J. Wieringa and Bashar Nuseibeh. "Automated analysis of security requirements through risk-based argumentation". Journal of Systems and Software. Volume 106. 2015-08. <http://dx.doi.org/10.1016/j.jss.2015.04.065>.

Automating Risk Analysis of Software Design Models [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Maxime Frydman, Guifré Ruiz, Elisa Heymann and Barton P. Miller. "Automating Risk Analysis of Software Design Models". The Scientific World Journal 2014. 2014-06. <http://www.jornadassarteco.org/js2012/papers/paper_92.pdf>.

Automating Threat Modeling through the Software Development Life-Cycle [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

Guifre Ruiz, Elisa Heymann, Eduardo Cesar and Barton P. Miller. "Automating Threat Modeling through the Software Development Life-Cycle". Jornadas Sarteco. 2012-09. <http://www.jornadassarteco.org/js2012/papers/paper_92.pdf>.

Case Base for Secure Software Development Using Software Security Knowledge Base [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

A. Hazeyama, M. Saito, N. Yoshioka, A. Kumagai, T. Kobashi, H. Washizaki, H. Kaiya and T. Okubo. "Case Base for Secure Software Development Using Software Security Knowledge Base". IEEE 39th Annual Computer Software and Applications Conference (COMPSAC). Volume 3. 2015-07. <http://dx.doi.org/10.1109/COMPSAC.2015.86>.

Computational ontology of network operations [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Alessandro Oltramari, Lorrie Faith Cranor, Robert J. Walls and Patrick McDaniel. "Computational ontology of network operations". Military Communications Conference - MILCOM 2015. 2015-10. <http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=7347040>.

Computer and Information Security Handbook [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

John R. Vacca. "Computer and Information Security Handbook". Second. Morgan Kaufmann Publishers. 2013. <http://books.google.com/books?id=zb916YOr16wC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false>.

Critical Watch - OWASP to WASC to CWE Mapping - Correlating Different Industry Taxonomy [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Jesper Jurcenoks. "OWASP to WASC to CWE Mapping - Correlating Different Industry Taxonomy". Critical Watch. 2013-06. <http://www.criticalwatch.com/assets/c-Owasp-to-Wasc-to-CWE-Mapping-Tech-Paper-0710131.pdf>.

CSAAES: An expert system for cyber security attack awareness [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Cheshta Rani and Shivani Goel. "CSAAES: An expert system for cyber security attack awareness". International Conference on Computing, Communication and Automation (ICCCA2015). 2015. <http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7148381&tag=1>.

Cybersecurity Procurement Language for Energy Delivery Systems [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system]

Energy Sector Control Systems Working Group. "Cybersecurity Procurement Language for Energy Delivery Systems". DOE. 2014-04. <http://www.energy.gov/sites/prod/files/2014/04/f15/CybersecProcurementLanguage-EnergyDeliverySystems_040714_fin.pdf>.

CyberV@R [Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID; Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Dr. Mark Raugus, Dr. James Ulrich, Roberta Faux, Scott Finkelstein and Charlie Cabot. "A Cyber Security Model for value at Risk". Cyber Point International. 2013-01. <http://cyberpointllc.com/openResearch/CyberV@R.pdf>.

DOI 10.1109/DASC.2011.25 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

Per Hakon Meland. "Service Injection: A Threat to Self-managed Complex Systems". 2011 Ninth IEEE International Conference on Dependable, Autonomic and Secure Computing. DOI 10.1109/DASC.2011.25. IEEE Computer Society. 2011-12-12. <http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6118344>.

DOI 10.1109/ITNG.2009.24 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

Patrick H. Engebretson and Joshua J. Pauli. "Leveraging Parent Mitigations and Threats for CAPEC-Driven Hierarchies". 2009 Sixth International Conference on Information Technology: New Generations. DOI 10.1109/ITNG.2009.24. IEEE Computer Society. 2009-04-27. <http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5070641>.

From the Publisher [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Justin Hill. "From the Publisher". Crosstalk. The Journal of Defense Software Engineering. 2014 September/October. <http://www.crosstalkonline.org/storage/issue-archives/2014/201409/201409-Hill.pdf>.

From the Sponsor [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Roberta Stempfley. "From the Sponsor". March/April 2014. Crosstalk: The Journal of Defense Software Engineering. Preface. <http://www.crosstalkonline.org/storage/issue-archives/2014/201403/201403-Stempfley.pdf>.

Holistic security requirements analysis: An attacker's perspective [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Tong Li, Jennifer Horkoff and Kristian Beckers. "Holistic security requirements analysis: An attacker's perspective". International Requirements Engineering Conference (RE). 2015. <http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7320439>.

IATAC/DACS SOAR [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Karen Mercedes Goertzel, Theodore Winograd, Holly Lynne McKinley, Lyndon Oh, Michael Colon, Thomas McGibbon, Elaine Fedchak and Robert Vienneau. "State-of-the-Art Report (SOAR)". Software Security Assurance. Information Assurance Technology Analysis Center (IATAC), Data and Analysis Center for Software (DACS). 2007-07-31. <http://iac.dtic.mil/csiac/download/security.pdf>.

Identifying attack patterns for insider threat detection [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Ioannis Agrafiotis, Jason RC Nurse, Oliver Buckley, Phil Legg, Sadie Creese and Michael Goldsmith. "Identifying attack patterns for insider threat detection". Issue 7. Computer Fraud & Security. Volume 2015. XXX. 2015-07. <http://dx.doi.org/10.1016/S1361-3723%2815%2930066-X>.

In Cyber-Space No One Can Hear You S·CREAM - A Root Cause Analysis for Socio-Technical Security [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Uses Specific CAPEC Info: Makes use of specific information from CAPEC; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID]

Jean-Louis Huynen, Vincent Koenig, Gabriele Lenzini and Ana Ferreira. "In Cyber-Space No One Can Hear You S·CREAM - A Root Cause Analysis for Socio-Technical Security". Springer International Publishing Switzerland. 2015. <http://rd.springer.com/content/pdf/10.1007%2F978-3-319-24858-5_16.pdf>.

Integrating attacker behavior in IT security analysis: a discrete-event simulation approach [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Andreas Ekelhart, Bernhard Grill, Elmar Kiesling, Christine Strauss and Christian Stummer. "Integrating attacker behavior in IT security analysis: a discrete-event simulation approach". Issue 3. Information Technology and Management. Volume 16. Springer. 2015-06. <http://rd.springer.com/journal/10799>.

Mining known attack patterns from security-related events [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Nicandro Scarabeo, Benjamin C.M. Fung and Rashid H. Khokhar. "Mining known attack patterns from security-related events". PeerJ Computer Science. 2015-10. <https://peerj.com/articles/cs-25.pdf>.

MITRE SEG Cyber Threat Susceptibility Assessment [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

"Enterprise Engineering: Systems Engineering for Mission Assurance". Systems Engineering Guide. Cyber Threat Susceptibility Assessment. The MITRE Corporation. <http://www.mitre.org/publications/systems-engineering-guide/enterprise-engineering/systems-engineering-for-mission-assurance/cyber-threat-susceptibility-assessment>.

Ontology-based modeling of DDoS attacks for attack plan detection [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Morteza Ansarinia, Seyyed Amir Asghari, Afshin Souzani and Ahmadreza Ghaznavi. "Ontology-based modeling of DDoS attacks for attack plan detection". 2012 Sixth International Symposium on Telecommunications (IST). 2011-11. <http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6483131>.

OWASP Testing Guide v4 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

"OWASP Testing Guide v4". The Open Web Application Security Project (OWASP). 2014-09-17. <https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents>.

Predicting Network Attacks Using Ontology-Driven Inference [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Ahmad Salahi and Morteza Ansarinia. "Predicting Network Attacks Using Ontology-Driven Inference". Computing Research Repository (CoRR). 2013. <https://arxiv.org/ftp/arxiv/papers/1304/1304.0913.pdf>.

Principles for Software Assurance Assessment [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Shaun Gilmore, Reeny Sondhi and Stacy Simpson. "Principles for Software Assurance Assessment". SAFECode. 2015. <http://www.safecode.org/publication/SAFECode_Principles_for_Software_Assurance_Assessment.pdf>.

Reference Ontology for Cybersecurity Operational Information [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Takahashi, T. and Kadobayashi, Y. "Reference Ontology for Cybersecurity Operational Information". The Computer Journal. October 2014. <http://comjnl.oxfordjournals.org/content/early/2014/10/07/comjnl.bxu101.full.pdf>.

Research on Parallel Vulnerabilities Discovery Based on Open Source Database and Text Mining [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Zhao Xianghui, Peng Yong, Zhai Zan, Jin Yi and Yao Yuangang. "Research on Parallel Vulnerabilities Discovery Based on Open Source Database and Text Mining". 2015 International Conference on Intelligent Information Hiding and Multimedia Signal Processing. 2015-09. <http://dx.doi.org/10.1109/IIH-MSP.2015.84>.

Risk Assessment and Security Testing of Large Scale Networked Systems with RACOMAT [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Johannes Viehmann and Frank Werner. "Risk Assessment and Security Testing of Large Scale Networked Systems with RACOMAT". Springer International Publishing Switzerland. 2015. <http://rd.springer.com/content/pdf/10.1007%2F978-3-319-26416-5_1.pdf>.

Security Analysis Method of Recognition-Based Graphical Password [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Touraj Khodadadi, Mojtaba Alizadeh, Somayyeh Gholizadeh, Mazdak Zamani and Mahdi Darvishi. "Security Analysis Method of Recognition-Based Graphical Password". No 5. Jurnal Teknologi. Vol 72. 2015. <http://www.jurnalteknologi.utm.my/index.php/jurnalteknologi/article/view/3941/2903>.

Security Automation and Threat Information-Sharing Options [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Panos Kampanakis. "Security Automation and Threat Information-Sharing Options". Volume:12, Issue:5. Security & Privacy, IEEE. pp. 42 - 51. IEEE Computer Society. 2014-September/October. <http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6924671&tag=1>.

Security countermeasure management platform [Standard Identifier: Uses CAPEC IDs as a standard Identifier system]

Michael S. Curtis, Audian H. Paxson, Eva E. Bunker, Nelson W. Bunker and Kevin M. Mitchell. "Security countermeasure management platform". U.S. Patent Application 20140344940. Achilles Guard, Inc. D.B.A. Critical Watch. 2014-11-20. <http://www.freepatentsonline.com/y2014/0344940.html>.

Security for Web Services and Service-Oriented Architectures [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Elisa Bertino, Lorenzo Martino, Federica Paci and Anna Squicciarini. "Security for Web Services and Service-Oriented Architectures". Springer. 2009. <http://books.google.com/books?id=RYBKAAAAQBAJ&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false>.

Selecting security control portfolios: a multi-objective simulation-optimization approach [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Andreas Ekelhart, Bernhard Grill, Elmar Kiesling, Christine Strauss and Christian Stummer. "Selecting security control portfolios: a multi-objective simulation-optimization approach". EURO Journal on Decision Processes. Springer-Verlag. 2016-04. <http://rd.springer.com/article/10.1007%2Fs40070-016-0055-7>.

Sequential Modeling for Obfuscated Network Attack Action Sequences [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

Haitao Du and Shanchieh Jay Yang. "Sequential Modeling for Obfuscated Network Attack Action Sequences". IEEE Conference on Communications and Network Security 2013. 2013-10. <http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6682742>.

State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID]

David A. Wheeler and Rama S. Moorthy. "State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation". IDA Paper P-5061. Defense Technical Information Center - Science & Technology (DTIC). Institute for Defense Analysis (IDA). July 2014. <http://www.dtic.mil/dtic/tr/fulltext/u2/a607954.pdf>.

The CAPEC based generator of attack scenarios for network security evaluation [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Igor Kotenko and Elena Doynikova. "The CAPEC based generator of attack scenarios for network security evaluation". 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). 2015-09. <http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7340774>.

They Know Your Weaknesses – Do You? : Reintroducing Common Weakness Enumeration [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Yan Wu, Irena Bojanova and Yaacov Yesha. "They Know Your Weaknesses – Do You? : Reintroducing Common Weakness Enumeration". Supply Chain Assurance. CrossTalk. September/October 2015. <http://static1.1.sqspcdn.com/static/f/702523/26523304/1441780301827/201509-Wu.pdf>.

Threat Modeling: Designing for Security [Standard Identifier: Uses CAPEC IDs as a standard Identifier system]

Adam Shostack. "Threat Modeling: Designing for Security". DoD. 2014-02. <http://www.acq.osd.mil/se/docs/SSE-Language-for-TSN-in-DoD-RFPs.pdf>.

Trustwave Spiderlabs [Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID]

"CWE the VOTE". SpiderLabs Blog. Trustwave. 2012-11-06. <http://blog.spiderlabs.com/2012/11/cwe-the-vote.html>.

Using CAPEC for Risk-Based Security Testing [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Uses Specific CAPEC Info: Makes use of specific information from CAPEC; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID]

Fredrik Seehusen. "Using CAPEC for Risk-Based Security Testing". Springer International Publishing Switzerland. 2015. <http://rd.springer.com/content/pdf/10.1007%2F978-3-319-26416-5_6.pdf>.

Total: 17

Government

A Proven Methodology for Developing Secure Software and Applying It to Ground Systems [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Brandon Bailey. "A Proven Methodology for Developing Secure Software and Applying It to Ground Systems". NASA Goddard Space Flight Center. 2016-02. <http://hdl.handle.net/2060/20160003695>.

Actionable information for Security Incident Response [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

This document was created by the CERT capability team at ENISA in consultation with CERT Polska / NASK (Poland). "Actionable information for Security Incident Response". European Union Agency for Network and Information Security. November 2014. <https://www.enisa.europa.eu/activities/cert/support/actionable-information/actionable-information-for-security/at_download/fullReport>.

Addressing Software Security [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Brandon Bailey. "Addressing Software Security". NASA Goddard Space Flight Center. 2015-11. <http://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20150023414.pdf>.

CIPII [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

Maurico Papa and Sujeet Shenoi. "Critical Infrastructure Protection II". IFIP WG 11.10 Series in Critical Infrastructure Protection. Springer. 2013. <http://books.google.com/books?id=Dbw330LIaMkC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false>.

DHS NCS FISMA Reporting Metrics FY2012 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system]

"Chief Information Officer Federal Information Security Management Act Reporting Metrics". FY 2012. US Department of Homeland Security National Cyber Security Division Federal Network Security. 2012-02-14. <https://www.dhs.gov/xlibrary/assets/nppd/ciofismametricsfinal.pdf>.

DHS NCS FISMA Reporting Metrics FY2013 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system]

"Chief Information Officer Federal Information Security Management Act Reporting Metrics". FY 2013. US Department of Homeland Security Office of Cybersecurity and Communications Federal Network Resilience. 2012-11-30. <https://www.dhs.gov/sites/default/files/publications/FY13%20CIO%20FISMA%20Metrics.pdf.pdf>.

FISMA Compliance Handbook [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Laura P. Taylor. "FISMA Compliance Handbook". Second Edition. Syngress. 2013. <http://books.google.com/books?id=_2SV_0aGtPEC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false>.

General Requirements of a Hybrid-Modeling Framework for Cyber Security [Standard Identifier: Uses CAPEC IDs as a standard Identifier system]

Alessandro Oltramari, Noam Ben-Asher, Lorrie Cranor, Lujo Bauer and Nicolas Christin. "General Requirements of a Hybrid-Modeling Framework for Cyber Security". Military Communications Conference (MILCOM). pp. 129 - 135. IEEE. 2014-10-06. <http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6956749&tag=1>.

PPP Outline and Guidance [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system]

Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics. "Program Protection Plan Outline & Guidance". Version 1.0. Deputy Assistant Secretary of Defense Systems Engineering. 2011-07-18. <http://www.acq.osd.mil/se/docs/PPP-Outline-and-Guidance-v1-July2011.docx>.

PPP Software Assurance Chapter [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system]

Office of Assistant Secretary of Defense for Research and Engineering. "Defense Acquisition Guidebook - Your Acquisition Policy and Discretionary Best Practice Guide". PPP Software Assurance Chapter. DAU Information Systems Service Center (ISSC). 2013-09-17. <https://acc.dau.mil/dag13.7.3>.

Public Safety Mobile Application Security Requirements Workshop Summary [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Michael Ogata, Barbara Guttman and Nelson Hastings. "Public Safety Mobile Application Security Requirements Workshop Summary". National Institute of Standards and Technology Internal Report 8018 (NISTIR). 8018. National Institute of Standards and Technology (NIST). 2015-01. <http://dx.doi.org/10.6028/NIST.IR.8018>.

Req Challenges SC Threats [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Paul R. Popick and Melinda Reed. "Requirements Challenges in Addressing Malicious Supply Chain Threats". Vol. 16, Issue 2. INCOSE INSIGHT. International Council on Systems Engineering (INCOSE). 2013-07. <http://www.acq.osd.mil/se/docs/ReqChallengesSCThreats-Reed-INCOSE-Vol16-Is2.pdf>.

SSE-Language-for-TSN-in-DoD-RFPs [Standard Identifier: Uses CAPEC IDs as a standard Identifier system]

Deputy Assistant Secretary of Defense for Systems Engineering and Department of Defense Chief Information Officer. "Suggested Language to Incorporate System Security Engineering for Trusted Systems and Networks into Department of Defense Requests for Proposals". DoD. 2014-01. <http://www.acq.osd.mil/se/docs/SSE-Language-for-TSN-in-DoD-RFPs.pdf>.

Standards and Tools for Exchange and Processing of Actionable Information Inventory [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

This document was created by the CERT capability team at ENISA in consultation with CERT Polska / NASK (Poland). "Standards and Tools for Exchange and Processing of Actionable Information Inventory". European Union Agency for Network and Information Security. November 2014. <https://www.enisa.europa.eu/activities/cert/support/actionable-information/standards-and-tools-for-exchange-and-processing-of-actionable-information/at_download/fullReport>.

Suggested Language to Incorporate System Security Engineering for Trusted Systems and Networks into Department of Defense Requests for Proposals [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Deputy Assistant Secretary of Defense for Systems Engineering and Department of Defense Chief Information Officer. "Suggested Language to Incorporate System Security Engineering for Trusted Systems and Networks into Department of Defense Requests for Proposals". Deputy Assistant Secretary of Defense. 2014 January. <http://www.acq.osd.mil/se/docs/SSE-Language-for-TSN-in-DoD-RFPs.pdf>.

Supply Chain Risk Management Practices for Federal Information Systems and Organizations [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Jon Boyens, Celia Paulsen, Rama Moorthy and Nadya Bartol. "Supply Chain Risk Management Practices for Federal Information Systems and Organizations". NIST Special Publication (SP). 800-161. National Institute of Standards and Technology (NIST). 2015-04. <http://dx.doi.org/10.6028/NIST.SP.800-161>.

SwA-CM-in-PPP [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

Deputy Assistant Secretary of Defense for Systems Engineering and Department of Defense Chief Information Officer. "Software Assurance Countermeasures in Program Protection Planning". DoD. 2014-03. <http://www.acq.osd.mil/se/docs/SwA-CM-in-PPP.pdf>.

Total: 23

Academia

A Communications Jamming Taxonomy [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Marc Lichtman, Jeffrey D. Poston, SaiDhiraj Amuru, Chowdhury Shahriar, T. Charles Clancy, R. Michael Buehrer and Jeffrey H. Reed. "A Communications Jamming Taxonomy". 2016. <http://www.buehrer.ece.vt.edu/papers/Com_Jam_Taxonomy.pdf>.

A Cyber Attack Modeling and Impact Assessment Framework [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Uses Specific CAPEC Info: Makes use of specific information from CAPEC; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID]

Igor Kotenko and Andrey Chechulin. "A Cyber Attack Modeling and Impact Assessment Framework". Cyber Conflict (CyCon), 2013 5th International Conference. IEEE. June 2013. <https://ccdcoe.org/cycon/2013/proceedings/d1r2s3_kotenko.pdf>.

A Strategy for Formalizing Attack Patterns [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system]

Clive Blackwell. "A Strategy for Formalizing Attack Patterns". Proceedings of Cyberpatterns 2012. pages 35-38. Oxford Brookes University. 2012. <http://compeng.ulster.ac.uk/iu-atc/publications/Attack%20Pattern%20Recognition%20through%20Corellating%20Cyber%20Situational%20Awareness%20in%20Computer%20Networks.pdf#page=39>.

Analysis and recommendations for standardization in penetration testing and vulnerability assessment: Penetration testing market survey [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

William Knowles, Alistair Baron and Tim McGarr. "Analysis and recommendations for standardization in penetration testing and vulnerability assessment: Penetration testing market survey". E-print Network. BSI Group, Inc. 2015-01. <http://eprints.lancs.ac.uk/74275/1/Penetration_testing_online_2.pdf>.

Attack Pattern Recognition through Correlating Cyber Situational Awareness in Computer Networks [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system]

Noor-ul-hassan Shirazi, Alberto Schaeffer-Filho and David Hutchison. "Attack Pattern Recognition through Correlating Cyber Situational Awareness in Computer Networks". Proceedings of Cyberpatterns 2012. pages 57-61. Oxford Brookes University. 2012. <http://tech.brookes.ac.uk/CyberPatterns2012/Cyberpatterns2012Proceedings.pdf>.

Attack Traffic Libraries for Testing and Teaching Intrusion Detection Systems [Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

Jeffery Burroughs, Dr. Patrick Engebretson and Dr. Joshua Pauli. "Attack Traffic Libraries for Testing and Teaching Intrusion Detection Systems". Proc. of Information Systems Analysis and Synthesis: (ISAS 2011). Dakota State University. 2011-03. <http://www.dsu.edu/research/ia/documents/%5B15%5D-Attack-Traffic-Libraries-for-Testing-and-Teaching-Intrusion-Detection-Systems.pdf>.

CERT CMU/SEI-2009-SR-001 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Nancy R. Mead, Julia H. Allen, W. Arthur Conklin, Antonio Drommi, John Harrison, Jeff Ingalsbe, James Rainey and Dan Shoemaker. "Making the Business Case for Software Assurance". Special Report. CMU/SEI-2009-SR-001. Software Engineering Institute (SEI) Carnegie Mellon. 2009-04. <http://www.cert.org/archive/pdf/09sr001.pdf>.

CMU/SEI-2007-TN-025 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Carol Woody, PhD. "Process Improvement Should Link to Security: SEPG 2007 Security Track Recap". Technical Note. CMU/SEI-2007-TN-025. Software Engineering Institute (SEI) Carnegie Mellon. 2007-09. <http://repository.cmu.edu/sei/22/>.

CMU/SEI-2010-TN-016 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Robert J. Ellison, John B. Goodenough, Charles B. Weinstock and Carol Woody. "Evaluating and Mitigating Software Supply Chain Security Risks". Technical Note. CMU/SEI-2010-TN-016. Software Engineering Institute (SEI) Carnegie Mellon. 2010-05. <http://repository.cmu.edu/sei/22/>.

CMU/SEI-2010-TN-026 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Robert J. Ellison, Christopher J. Alberts, Rita C. Creel, Audrey J. Dorofee and Carol C. Woody. "Software Supply Chain Risk Management: From Products to Systems of Systems". Research Showcase. CMU/SEI-2010-TN-026. Software Engineering Institute (SEI) Carnegie Mellon. 2010-12-01. <http://repository.cmu.edu/sei/603/>.

Design of Exploitable Automatic Verification System for Secure Open Source Software [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Bumryong Kim, Jun-ho Song, Jae-Pye Park and Moon-seog Jun. "Design of Exploitable Automatic Verification System for Secure Open Source Software". Lecture Notes in Electrical Engineering in Advances in Computer Science and Ubiquitous Computing, CSA&CUTE. Volume 373. 2015-12. <http://rd.springer.com/content/pdf/10.1007%2F978-981-10-0281-6_40.pdf>.

DOI 10.1109/DASC.2011.42 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

Aleem Khalid Alvi and Mohammad Zulkernine. "A Natural Classification Scheme for Software Security Patterns". 2011 Ninth IEEE International Conference on Dependable, Autonomic and Secure Computing. DOI 10.1109/DASC.2011.42. IEEE Computer Society. 2011-12-12. <http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6118361&tag=1>.

DOI 10.1109/HICSS.2010.313 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID]

Ju An Wang, Minzhe Guo, Hao Wang, J. Camargo and Linfeng Zhou. "Ranking Attacks Based on Vulnerability Analysis". 2010 43rd Hawaii International Conference on System Sciences (HICSS). DOI 10.1109/HICSS.2010.313. IEEE Computer Society. 2010. <http://xplqa30.ieee.org/stamp/stamp.jsp?tp=&arnumber=5428663>.

DOI 10.1109/HICSS.2012.643 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Dr. Bruce Gabrielson. "Who Really Did It? Controlling Malicious Insiders by Merging Biometric Behavior With Detection and Automated Responses". 2012 45th Hawaii International Conference on System Sciences. DOI 10.1109/HICSS.2012.643. IEEE Computer Society. 2012-01-04. <http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6149310>.

DOI 10.1109/PST.2011.5971976 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

Samir Ouchani, Yosr Jarraya and Otmane Ait Mohamed. "Model-Based Systems Security Quantification". 2011 Ninth Annual International Conference on Privacy, Security and Trust. DOI 10.1109/PST.2011.5971976. IEEE. 2011-07-19. <http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5971976>.

Future Directions for Research on Cyberpatterns [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Clive Blackwell and Hong Zhu. "Future Directions for Research on Cyberpatterns". Oxford Brookes University. 2014. <http://cms.brookes.ac.uk/staff/HongZhu/Publications/CyberPatternsBook-Conclusion%20Chapter%20-final.pdf>.

Hunting bugs with Coccinelle [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Henrik Stuart. "Hunting bugs with Coccinelle". 2008-08-08. <http://www.emn.fr/z-info/coccinelle/stuart_thesis.pdf>.

Ontology-based modeling of DDoS attacks for attack plan detection [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Morteza Ansarinia, Seyyed Amir Asghari, Afshin Souzani and Ahmadreza Ghaznavi. "Ontology-based modeling of DDoS attacks for attack plan detection". 2012 Sixth International Symposium on Telecommunications (IST). 2012-11-6. <http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6483131&tag=1>.

Predicting Network Attacks Using Ontology-Driven Inference [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Ahmad Salahi and Morteza Ansarinia. "Predicting Network Attacks Using Ontology-Driven Inference". Volume 4, Issue 1. International Journal of Information and Communication Technology (IJICT). 2012-1. <http://arxiv.org/pdf/1304.0913v1>.

Supporting Situationally Aware Cybersecurity Systems [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Zareen Syed, Tim Finin, Ankur Padia and Lisa Mathews. "Supporting Situationally Aware Cybersecurity Systems". University of Maryland Baltimore County. 2015-09. <http://ebiquity.umbc.edu/_file_directory_/papers/778.pdf>.

TA-CS03 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Pascal Meunier. "Classes of Vulnerabilities and Attacks". Wiley Handbook of Science and Technology for Homeland Security. Technical article - CS03. The Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University. 2007. <http://homes.cerias.purdue.edu/~pmeunier/aboutme/classes_vulnerabilities.pdf>.

TESTING THE SECURITY VULNERABILITIES OF OPENEMR 4.1.1: A CASE STUDY [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Francis Akowuah, Jerrisa Lake, Xiaohong Yuan, Emmanuel Nuakoh and Huiming Yu. "TESTING THE SECURITY VULNERABILITIES OF OPENEMR 4.1.1: A CASE STUDY". Issue 3. Journal of Computing Sciences in Colleges. Volume 30. 2015-01. <http://dl.acm.org/ft_gateway.cfm?id=2675332&ftid=1503875&dwn=1&CFID=616595007&CFTOKEN=34150276>.

The Impact of Contextual Factors on the Security of Code [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Carol Woody, Ph.D. and Dan Shoemaker, Ph.D. "The Impact of Contextual Factors on the Security of Code". Defense Technical Information Center - Science & Technology (DTIC). Carnegie Mellon Software Engineering Institute - CERT Division/SSD. 2014-12. <http://www.dtic.mil/dtic/tr/fulltext/u2/a617283.pdf>.

Total: 1

Academia

Evaluating a Method to Develop and Rank Abuse Cases based on Threat Modeling, Attack Patterns and Common Weakness Enumeration [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Imano Williams. "Evaluating a Method to Develop and Rank Abuse Cases based on Threat Modeling, Attack Patterns and Common Weakness Enumeration". Master of Science Thesis. North Carolina Agricultural and Technical State University. 2015. <http://search.proquest.com/docview/1761832676>.

Total: 6

Policy/Guidance

DHS CSSP Common Cybersecurity Vulnerabilities ICS [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

"DHS Control Systems Security Program (CSSP) Common Cybersecurity Vulnerabilities in Industrial Control Systems". 2011-05. <http://ics-cert.us-cert.gov/sites/default/files/documents/DHS_Common_Cybersecurity_Vulnerabilities_ICS_2010.pdf>.

SAFECode Development Practices [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system]

Stacy Simpson, Mark Belk, Matt Coles, Cassio Goldschmidt, Michael Howard, Kyle Randolph, Mikko Saario, Reeny Sondhi, Izar Tarandach, Antti Vähä-Sipilä and Yonko Yonchev. "A Guide to the Most Effective Secure Development Practices in Use Today". 2nd Edition. Fundamental Practices for Secure Software Development. Software Assurance Forum for Excellence in Code (SAFECode). 2011-02-08. <http://www.safecode.org/publications/SAFECode_Dev_Practices0211.pdf>.

SANS Exchanging Assessment Results [Standard Identifier: Uses CAPEC IDs as a standard Identifier system]

Jason Lam. "Exchanging and sharing of assessment results". SANS Software Security with Frank Kim - AppSec Blog. The SANS Institute. 2010-11-19. <http://software-security.sans.org/blog/2010/11/19/exchanging-sharing-assessment-results/>.

SANS NewsBites - Volume: XV, Issue: 59 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

"SANS NewsBites". Volume: XV, Issue: 59. SANS Software Security with Frank Kim - AppSec Blog. Lack of Common Lexicon Hinders Threat Information Sharing. The SANS Institute. 2013-07-25. <http://www.sans.org/newsletters/newsbites/newsbites.php?vol=15&issue=59>.

SANS SWAT Checklist [Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID]

"Securing Web Application Technologies (SWAT) Checklist". 23rd Edition. Securing the Human. Winter 2013. The SANS Institute. 2010. <http://www.securingthehuman.org/developer/swat>.

SwA Pocket Guide [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

"Key Practices for Mitigating the Most Egregious Exploitable Software Weaknesses". Version 2.4. Software Assurance (SwA) Pocket Guide Series: Development. Volume II. DHS NCSD Software Assurance Community Resources and Information Clearinghouse. 2012-11-01. <ftp://ftp.sei.cmu.edu/pub/pruggiero/bsi-swa/1/KeyPracticesMWV22_20121101.pdf>.

Total: 1

Reference

WASC TC [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Specific CAPEC IDs Used: Discusses specific CAPEC issues by their CAPEC ID]

"WASC Threat Classification". Version 2.00. The Web Application Security Consortium (WASC). 2010-01-01. <http://projects.webappsec.org/f/WASC-TC-v2_0.pdf>.

Total: 7

Standards

ISO/IEC TR 20004:2012 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid; Standard Identifier: Uses CAPEC IDs as a standard Identifier system; Uses Specific CAPEC Info: Makes use of specific information from CAPEC]

"ISO/IEC TR 20004:2012 Information Technology -- Security Techniques -- Refining Software Vulnerability Analysis under ISO/IEC 15408 and ISO/IEC 18045". ISO. 2012. <http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=50951>.

ITU-T X.1544 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

"Common attack pattern enumeration and classification". SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Cybersecurity information exchange – Event/incident/heuristics exchange. Recommendation ITU-T X.1544. ITU-T Telecommunication Standardization Sector of ITU. 2013-04. <http://www.itu.int/rec/T-REC-X.1544-201304-I>.

NIST SP 800-137 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Kelley L. Dempsey, L A. Johnson, Matthew A. Scholl, Kevin M. Stine, Alicia Clay Jones, Angela Orebaugh, Nirali S. Chawla and Ronald Johnston. "Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations". NIST Special Publication (NIST SP). 800-137. National Institute of Standards and Technology. 2011-09-30. <http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909726>.

NIST SP 800-150 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Chris Johnson, Lee Badger and David Waltermire. "Guide to Cyber Threat Information Sharing (Draft)". Draft. NIST Special Publication (NIST SP). 800-150. National Institute of Standards and Technology. 2014-10. <http://csrc.nist.gov/publications/drafts/800-150/sp800_150_draft.pdf>.

NIST SP 800-163 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Ronald S. Ross. "Security and Privacy Controls for Federal Information Systems and Organizations". NIST Special Publication (NIST SP). 800-163. National Institute of Standards and Technology. 2015-01. <http://dx.doi.org/10.6028/NIST.SP.800-163>.

NIST SP 800-30 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Ronald S. Ross. "Guide for Conducting Risk Assessments". rev 1. NIST Special Publication (NIST SP). 800-30. National Institute of Standards and Technology. 2012-09-17. <http://www.nist.gov/customcf/get_pdf.cfm?pub_id=912091>.

NIST SP 800-53 [Knowledge Source: Uses CAPEC as a Knowledge Catalog of Issues to Avoid]

Ronald S. Ross. "Security and Privacy Controls for Federal Information Systems and Organizations". Revision 4. NIST Special Publication (NIST SP). 800-53. National Institute of Standards and Technology. 2013-04-30. <http://dx.doi.org/10.6028/NIST.SP.800-53r4>.

Page Last Updated or Reviewed: October 28, 2016