Home > CAPEC List > CAPEC-210: Abuse of Functionality (Version 2.8)  

CAPEC CATEGORY: Abuse of Functionality

 
Abuse of Functionality
Definition in a New Window Definition in a New Window
Category ID: 210
 
Status: Draft
+ Description

Summary

An adversary uses or manipulates one or more functions of an application in order to achieve a malicious objective not originally intended by the application. This is a broad class of attacks wherein the adversary is able to alter the intended result or purpose of the functionality and thereby affect application behavior or information integrity. Outcomes can range from information exposure to vandalism and reduction in service to the execution of arbitrary code on the target machine.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
HasMemberMeta Attack PatternMeta Attack Pattern113API Manipulation
Mechanisms of Attack (primary)1000
HasMemberMeta Attack PatternMeta Attack Pattern212Functionality Misuse
Mechanisms of Attack (primary)1000
HasMemberMeta Attack PatternMeta Attack Pattern216Communication Channel Manipulation
Mechanisms of Attack (primary)1000
HasMemberCategoryCategory375WASC-42 - Abuse of Functionality
WASC Threat Classification 2.0333
HasMemberMeta Attack PatternMeta Attack Pattern554Functionality Bypass
Mechanisms of Attack (primary)1000
MemberOfViewView1000Mechanisms of Attack
Mechanisms of Attack1000
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated RelationshipsInternal
CAPEC Content TeamThe MITRE Corporation2015-12-07Updated Attack_Prerequisites, Description, Relationships, Resources_RequiredInternal

More information is available — Please select a different filter.
Page Last Updated: December 07, 2015