Home > CAPEC List > CAPEC-281: Analyze Target (Version 2.4)  

CAPEC CATEGORY: Analyze Target

 
Analyze Target
Definition in a New Window Definition in a New Window
Category ID: 281
 
Status: Draft
+ Description

Summary

Attack patterns within this category focus on the analysis of a target system, protocol, message, or application in order to overcome protections on the target or as a precursor to other attacks. Analysis can involve dissection of an application, analysis of message patterns, formal analysis of protocols, or other methods. The outcome of these attacks can be disclosure of sensitive information, or disclosure of security configuration that leads to further attacks targeted to discovered weaknesses.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ParentOfAttack PatternAttack Pattern97Cryptanalysis
Mechanisms of Attack (primary)1000
ParentOfAttack PatternAttack Pattern188Reverse Engineering
Mechanisms of Attack (primary)1000
MemberOfViewView1000Mechanisms of Attack
Mechanisms of Attack1000
+ Other Notes

Any entity that can be observed by an attacker could potentially be used in an analysis based attack.

Most analysis attacks require tools in order to collect information about the target. For example, scanning suites and packet sniffers might be used to analyze a web service or protocol. Moreover, following collection of information, some attacks require additional tools in order to process the discovered data. Cryptanalysis applications are one example of such tools. Finally, some of these attacks require a high level of sophistication on the part of an attacker in order to extract useful results from collected information.

When possible, minimize the information a system displays about itself, including minimizing unnecessary information in error messages and other descriptive messages.

+ Content History
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2013-12-18Updated Related_Attack_PatternsInternal
CAPEC Content TeamThe MITRE Corporation2014-04-10Updated Attack_Prerequisites, Description, Description Summary, Other_Notes, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations, Type (Attack_Pattern -> Category), Typical_SeverityInternal
Previous Entry Names
DatePrevious Entry Name
2014-04-10Analytic Attacks

Page Last Updated: April 10, 2014