Home > CAPEC List > CAPEC-283: Standard Abstractions (Version 2.10)  

CAPEC VIEW: Standard Abstractions

 
Standard Abstractions
Definition in a New Window Definition in a New Window
View ID: 283
Structure: Implicit Slice
Status: Draft
+ View Objective

This view (slice) covers standard abstraction attack patterns.

+ Relationships
Standard Attack PatternStandard Attack Pattern Accessing Functionality Not Properly Constrained by ACLs - (1)
Standard Attack PatternStandard Attack Pattern Accessing, Modifying or Executing Executable Files - (17)
Standard Attack PatternStandard Attack Pattern Active OS Fingerprinting - (312)
Standard Attack PatternStandard Attack Pattern Amplification - (490)
Standard Attack PatternStandard Attack Pattern Application API Button Hijacking - (388)
Standard Attack PatternStandard Attack Pattern Application API Navigation Remapping - (386)
Standard Attack PatternStandard Attack Pattern Application Fingerprinting - (541)
Standard Attack PatternStandard Attack Pattern Application Footprinting - (580)
Standard Attack PatternStandard Attack Pattern Argument Injection - (6)
Standard Attack PatternStandard Attack Pattern Audit Log Manipulation - (268)
Standard Attack PatternStandard Attack Pattern Black Box Reverse Engineering - (189)
Standard Attack PatternStandard Attack Pattern Block Logging to Central Repository - (571)
Standard Attack PatternStandard Attack Pattern Blockage - (603)
Standard Attack PatternStandard Attack Pattern Bypassing Card or Badge-Based Systems - (396)
Standard Attack PatternStandard Attack Pattern Bypassing Electronic Locks and Access Controls - (395)
Standard Attack PatternStandard Attack Pattern Bypassing of Intermediate Forms in Multiple-Form Sets - (140)
Standard Attack PatternStandard Attack Pattern Cache Poisoning - (141)
Standard Attack PatternStandard Attack Pattern Calling Micro-Services Directly - (179)
Standard Attack PatternStandard Attack Pattern Calling Signed Code From Another Language Within A Sandbox Allow This - (237)
Standard Attack PatternStandard Attack Pattern Cause Web Server Misclassification - (11)
Standard Attack PatternStandard Attack Pattern Choosing Message Identifier - (12)
Standard Attack PatternStandard Attack Pattern Clickjacking - (103)
Standard Attack PatternStandard Attack Pattern Client-Server Protocol Manipulation - (220)
Standard Attack PatternStandard Attack Pattern Cloning Magnetic Strip Cards - (397)
Standard Attack PatternStandard Attack Pattern Cloning RFID Cards or Chips - (399)
Standard Attack PatternStandard Attack Pattern Collect Data as Provided by Users - (569)
Standard Attack PatternStandard Attack Pattern Collect Data from Common Resource Locations - (150)
Standard Attack PatternStandard Attack Pattern Command Delimiters - (15)
Standard Attack PatternStandard Attack Pattern Connection Reset - (595)
Standard Attack PatternStandard Attack Pattern Content Spoofing Via Application API Manipulation - (389)
Standard Attack PatternStandard Attack Pattern Counterfeit GPS Signals - (627)
Standard Attack PatternStandard Attack Pattern Create files with the same name as files protected with a higher classification - (177)
Standard Attack PatternStandard Attack Pattern Create Malicious Client - (202)
Standard Attack PatternStandard Attack Pattern Cross Frame Scripting (XFS) - (587)
Standard Attack PatternStandard Attack Pattern Cross Site Request Forgery - (62)
Standard Attack PatternStandard Attack Pattern Cross Zone Scripting - (104)
Standard Attack PatternStandard Attack Pattern Cross-Site Scripting (XSS) - (63)
Standard Attack PatternStandard Attack Pattern Cryptanalysis - (97)
Standard Attack PatternStandard Attack Pattern Data Interchange Protocol Manipulation - (277)
DeprecatedDeprecated DEPRECATED: Directory Traversal - (213)
DeprecatedDeprecated DEPRECATED: ICMP Fingerprinting Probes - (316)
DeprecatedDeprecated DEPRECATED: IP Fingerprinting Probes - (314)
DeprecatedDeprecated DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware - (453)
DeprecatedDeprecated DEPRECATED: Malware Propagation via USB U3 Autorun - (450)
DeprecatedDeprecated DEPRECATED: OS Fingerprinting - (311)
DeprecatedDeprecated DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching - (259)
DeprecatedDeprecated DEPRECATED: Removing/short-circuiting 'guard logic' - (56)
DeprecatedDeprecated DEPRECATED: TCP/IP Fingerprinting Probes - (315)
Standard Attack PatternStandard Attack Pattern Design Alteration - (447)
Standard Attack PatternStandard Attack Pattern Development Alteration - (444)
Standard Attack PatternStandard Attack Pattern Disable Security Software - (578)
Standard Attack PatternStandard Attack Pattern DNS Rebinding - (275)
Standard Attack PatternStandard Attack Pattern Drop Encryption Level - (620)
Standard Attack PatternStandard Attack Pattern Email Injection - (134)
Standard Attack PatternStandard Attack Pattern Embedding Scripts within Scripts - (19)
Standard Attack PatternStandard Attack Pattern Encryption Brute Forcing - (20)
Standard Attack PatternStandard Attack Pattern Establish Rogue Location - (616)
Standard Attack PatternStandard Attack Pattern Evercookie - (464)
Standard Attack PatternStandard Attack Pattern Exploit Script-Based APIs - (160)
Standard Attack PatternStandard Attack Pattern Exploit Test APIs - (121)
Standard Attack PatternStandard Attack Pattern Exploiting Incorrectly Configured Access Control Security Levels - (180)
Standard Attack PatternStandard Attack Pattern Exploiting Incorrectly Configured SSL - (217)
Standard Attack PatternStandard Attack Pattern Fake the Source of Data - (194)
Standard Attack PatternStandard Attack Pattern File Content Injection - (23)
Standard Attack PatternStandard Attack Pattern Flash Injection - (182)
Standard Attack PatternStandard Attack Pattern Force Use of Corrupted Files - (263)
Standard Attack PatternStandard Attack Pattern Forceful Browsing - (87)
Standard Attack PatternStandard Attack Pattern Format String Injection - (135)
Standard Attack PatternStandard Attack Pattern Generic Cross-Browser Cross-Domain Theft - (468)
Standard Attack PatternStandard Attack Pattern Hacking Hardware - (401)
Standard Attack PatternStandard Attack Pattern Hijacking a privileged process - (234)
Standard Attack PatternStandard Attack Pattern Hijacking a Privileged Thread of Execution - (30)
Standard Attack PatternStandard Attack Pattern Host Discovery - (292)
Standard Attack PatternStandard Attack Pattern HTTP DoS - (469)
Standard Attack PatternStandard Attack Pattern HTTP Flood - (488)
Standard Attack PatternStandard Attack Pattern HTTP Request Splitting - (105)
Standard Attack PatternStandard Attack Pattern ICMP Flood - (487)
Standard Attack PatternStandard Attack Pattern ICMP Fragmentation - (496)
Standard Attack PatternStandard Attack Pattern IMAP/SMTP Command Injection - (183)
Standard Attack PatternStandard Attack Pattern Inducing Account Lockout - (2)
Standard Attack PatternStandard Attack Pattern Integer Attacks - (128)
Standard Attack PatternStandard Attack Pattern Intent Intercept - (499)
Standard Attack PatternStandard Attack Pattern Intent Spoof - (502)
Standard Attack PatternStandard Attack Pattern Inter-component Protocol Manipulation - (276)
Standard Attack PatternStandard Attack Pattern Jamming - (601)
Standard Attack PatternStandard Attack Pattern LDAP Injection - (136)
Standard Attack PatternStandard Attack Pattern Leverage Alternate Encoding - (267)
Standard Attack PatternStandard Attack Pattern Leverage Executable Code in Non-Executable Files - (35)
Standard Attack PatternStandard Attack Pattern Lifting signing key and signing malicious code from a production environment - (206)
Standard Attack PatternStandard Attack Pattern Linux Terminal Injection - (249)
Standard Attack PatternStandard Attack Pattern Local Code Inclusion - (251)
Standard Attack PatternStandard Attack Pattern Lock Picking - (393)
Standard Attack PatternStandard Attack Pattern Magnetic Strip Card Brute Force Attacks - (398)
Standard Attack PatternStandard Attack Pattern Malicious Hardware Component Replacement - (522)
Standard Attack PatternStandard Attack Pattern Malicious Hardware Update - (534)
Standard Attack PatternStandard Attack Pattern Malicious Logic Inserted Into To Product Software - (442)
Standard Attack PatternStandard Attack Pattern Malicious Logic Insertion into Product Hardware - (452)
Standard Attack PatternStandard Attack Pattern Malicious Logic Insertion into Product Memory - (456)
Standard Attack PatternStandard Attack Pattern Malicious Software Download - (185)
Standard Attack PatternStandard Attack Pattern Malicious Software Implanted - (523)
Standard Attack PatternStandard Attack Pattern Malicious Software Update - (186)
Standard Attack PatternStandard Attack Pattern Malware-Directed Internal Reconnaissance - (529)
Standard Attack PatternStandard Attack Pattern Man in the Middle Attack - (94)
Standard Attack PatternStandard Attack Pattern Manipulate Application Registry Values - (203)
Standard Attack PatternStandard Attack Pattern Manipulating Opaque Client-based Data Tokens - (39)
Standard Attack PatternStandard Attack Pattern Manipulating User-Controlled Variables - (77)
Standard Attack PatternStandard Attack Pattern Manipulating Writeable Configuration Files - (75)
Standard Attack PatternStandard Attack Pattern Navigation Remapping To Propagate Malicious Content - (387)
Standard Attack PatternStandard Attack Pattern Network Topology Mapping - (309)
Standard Attack PatternStandard Attack Pattern Obtain Data via Utilities - (567)
Standard Attack PatternStandard Attack Pattern OS Command Injection - (88)
Standard Attack PatternStandard Attack Pattern Overflow Buffers - (100)
Standard Attack PatternStandard Attack Pattern Overread Buffers - (540)
Standard Attack PatternStandard Attack Pattern Passive OS Fingerprinting - (313)
Standard Attack PatternStandard Attack Pattern Password Brute Forcing - (49)
Standard Attack PatternStandard Attack Pattern Password Recovery Exploitation - (50)
Standard Attack PatternStandard Attack Pattern Path Traversal - (126)
Standard Attack PatternStandard Attack Pattern Pharming - (89)
Standard Attack PatternStandard Attack Pattern Phishing - (98)
Standard Attack PatternStandard Attack Pattern Physical Destruction of Device or Component - (547)
Standard Attack PatternStandard Attack Pattern Port Scanning - (300)
Standard Attack PatternStandard Attack Pattern Principal Spoof - (195)
Standard Attack PatternStandard Attack Pattern Pull Data from System Resources - (545)
Standard Attack PatternStandard Attack Pattern Query System for Information - (54)
Standard Attack PatternStandard Attack Pattern Rainbow Table Password Cracking - (55)
Standard Attack PatternStandard Attack Pattern Redirect Access to Libraries - (159)
Standard Attack PatternStandard Attack Pattern Reflection Attack in Authentication Protocol - (90)
Standard Attack PatternStandard Attack Pattern Reflection Injection - (138)
Standard Attack PatternStandard Attack Pattern Regular Expression Exponential Blowup - (492)
Standard Attack PatternStandard Attack Pattern Remote Code Inclusion - (253)
Standard Attack PatternStandard Attack Pattern Removing Important Client Functionality - (207)
Standard Attack PatternStandard Attack Pattern RFID Chip Deactivation or Destruction - (400)
Standard Attack PatternStandard Attack Pattern Rogue Integration Procedures - (524)
Standard Attack PatternStandard Attack Pattern Route Disabling - (582)
Standard Attack PatternStandard Attack Pattern SaaS User Request Forgery - (510)
Standard Attack PatternStandard Attack Pattern Schema Poisoning - (271)
Standard Attack PatternStandard Attack Pattern Session Credential Falsification through Forging - (196)
Standard Attack PatternStandard Attack Pattern Session Hijacking - (593)
Standard Attack PatternStandard Attack Pattern Signature Spoof - (473)
Standard Attack PatternStandard Attack Pattern Sniffing Attacks - (157)
Standard Attack PatternStandard Attack Pattern SOAP Array Blowup - (493)
Standard Attack PatternStandard Attack Pattern Soap Manipulation - (279)
Standard Attack PatternStandard Attack Pattern SQL Injection - (66)
Standard Attack PatternStandard Attack Pattern SSL Flood - (489)
Standard Attack PatternStandard Attack Pattern Subvert Code-signing Facilities - (68)
Standard Attack PatternStandard Attack Pattern Tapjacking - (506)
Standard Attack PatternStandard Attack Pattern Target Programs with Elevated Privileges - (69)
Standard Attack PatternStandard Attack Pattern Targeted Malware - (542)
Standard Attack PatternStandard Attack Pattern TCP Flood - (482)
Standard Attack PatternStandard Attack Pattern TCP Fragmentation - (494)
Standard Attack PatternStandard Attack Pattern Transaction or Event Tampering via Application API Manipulation - (385)
Standard Attack PatternStandard Attack Pattern Try All Common Switches - (133)
Standard Attack PatternStandard Attack Pattern UDP Flood - (486)
Standard Attack PatternStandard Attack Pattern UDP Fragmentation - (495)
Standard Attack PatternStandard Attack Pattern Use of Known Domain Credentials - (560)
Standard Attack PatternStandard Attack Pattern Using a Snap Gun Lock to Force a Lock - (394)
Standard Attack PatternStandard Attack Pattern Using Unpublished APIs - (36)
Standard Attack PatternStandard Attack Pattern Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) - (82)
Standard Attack PatternStandard Attack Pattern Web Services API Signature Forgery Leveraging Hash Function Extension Weakness - (461)
Standard Attack PatternStandard Attack Pattern WebView Exposure - (503)
Standard Attack PatternStandard Attack Pattern White Box Reverse Engineering - (167)
Standard Attack PatternStandard Attack Pattern Windows ::DATA Alternate Data Stream - (168)
Standard Attack PatternStandard Attack Pattern XML Client-Side Attack - (484)
Standard Attack PatternStandard Attack Pattern XML External Entities - (221)
Standard Attack PatternStandard Attack Pattern XML Flood - (528)
Standard Attack PatternStandard Attack Pattern XML Injection - (250)
Standard Attack PatternStandard Attack Pattern XML Nested Payloads - (230)
Standard Attack PatternStandard Attack Pattern XML Oversized Payloads - (231)
Standard Attack PatternStandard Attack Pattern XML Parser Attack - (99)
Standard Attack PatternStandard Attack Pattern XML Routing Detour Attacks - (219)
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

Filter Used: .//@Pattern_Abstraction='Standard'

CAPECs in this viewTotal CAPECs
Total170out of623
Views0out of9
Categories0out of72
Attack Patterns170out of542

More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017