Home > CAPEC List > CAPEC-281: Analyze Target (Version 2.9)  

CAPEC CATEGORY: Analyze Target

Analyze Target
Definition in a New Window Definition in a New Window
Category ID: 281
Status: Deprecated
+ Description


Attack patterns within this category focus on the analysis of a target system, protocol, message, or application in order to overcome protections on the target or as a precursor to other attacks. Analysis can involve dissection of an application, analysis of message patterns, formal analysis of protocols, or other methods. The outcome of these attacks can be disclosure of sensitive information, or disclosure of security configuration that leads to further attacks targeted to discovered weaknesses.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
+ Other Notes

Any entity that can be observed by an attacker could potentially be used in an analysis based attack.

Most analysis attacks require tools in order to collect information about the target. For example, scanning suites and packet sniffers might be used to analyze a web service or protocol. Moreover, following collection of information, some attacks require additional tools in order to process the discovered data. Cryptanalysis applications are one example of such tools. Finally, some of these attacks require a high level of sophistication on the part of an attacker in order to extract useful results from collected information.

When possible, minimize the information a system displays about itself, including minimizing unnecessary information in error messages and other descriptive messages.

+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated RelationshipsInternal
CAPEC Content TeamThe MITRE Corporation2017-01-09Updated RelationshipsInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 07, 2015