CAPEC - VIEW LIST: CAPEC-283: Standard Abstractions (Release 1.4)

Home > CAPEC List > VIEW LIST: CAPEC-283: Standard Abstractions (Release 1.4)

CAPEC List
Full CAPEC Dictionary
Methods of Attack View

About CAPEC
Documents
Resources

Community
Related Activities
Collaboration List

News & Events
Calendar
Free Newsletter

Contact Us
Search the Site

CAPEC-283: Standard Abstractions

Standard Abstractions

Definition in a New Window

View ID: 283 (View: Implicit Slice)

Status: Draft

View Data

View Structure: Implicit_Slice

View Objective

This view (slice) covers standard abstraction attack patterns.

Filter Used: .//@Pattern_Abstraction='Standard'

	CAPECs in this view		Total CAPECs
Total	164	out of	310
Views	0	out of	5
Categories	0	out of	18
Attack Patterns	171	out of	287

Attack Pattern Accessing Functionality Not Properly Constrained by ACLs - (1)

Attack Pattern Accessing, Modifying or Executing Executable Files - (17)

Attack Pattern Action Spoofing - (173)

Attack Pattern API Abuse/Misuse - (113)

Attack Pattern Argument Injection - (6)

Attack Pattern Attack through Shared Data - (124)

Attack Pattern Authentication Abuse - (114)

Attack Pattern Authentication Bypass - (115)

Attack Pattern Block Access to Libraries - (96)

Attack Pattern Brute Force - (112)

Attack Pattern Buffer Attacks - (123)

Attack Pattern Bypassing of Intermediate Forms in Multiple-Form Sets - (140)

Attack Pattern Cache Poisoning - (141)

Attack Pattern Cause Web Server Misclassification - (11)

Attack Pattern Checksum Spoofing - (145)

Attack Pattern Choosing a Message/Channel Identifier on a Public/Multicast Channel - (12)

Attack Pattern Clickjacking - (103)

Attack Pattern Code Inclusion - (175)

Attack Pattern Command Delimiters - (15)

Attack Pattern Command Line Execution through SQL Injection - (108)

Attack Pattern Common resource location exploration - (150)

Attack Pattern Configuration/Environment manipulation - (176)

Attack Pattern Content Spoofing - (148)

Attack Pattern Craft a Maliciously Misconfigured Registry - (270)

Attack Pattern Create files with the same name as files protected with a higher classification - (177)

Attack Pattern Create Malicious Client - (202)

Attack Pattern Cross Site Request Forgery (aka Session Riding) - (62)

Attack Pattern Cross Site Scripting through Log Files - (106)

Attack Pattern Cross Site Tracing - (107)

Attack Pattern Cross Zone Scripting - (104)

Attack Pattern Cross-Site Flashing - (178)

Attack Pattern Cross-Site Scripting in Error Pages - (198)

Attack Pattern Cross-Site Scripting Using Alternate Syntax - (199)

Attack Pattern Cross-Site Scripting Using MIME Type Mismatch - (209)

Attack Pattern Cryptanalysis - (97)

Attack Pattern Data Excavation Attacks - (116)

Attack Pattern Data Interception Attacks - (117)

Attack Pattern Data Interchange Protocol Manipulation - (277)

Attack Pattern Denial of Service through Resource Depletion - (227)

Attack Pattern Detect Unpublicised Web Pages - (143)

Attack Pattern Detect Unpublicised Web Services - (144)

Attack Pattern Directory Indexing - (127)

Attack Pattern Directory Traversal - (213)

Attack Pattern Discovering, querying, and finally calling micro-services, such as w/ AJAX - (179)

Attack Pattern DNS Cache Poisoning - (142)

Attack Pattern DNS Zone Transfers - (291)

Attack Pattern Double Encoding - (120)

Attack Pattern Email Injection - (134)

Attack Pattern Embedding Scripts in Nonscript Elements - (18)

Attack Pattern Embedding Scripts within Scripts - (19)

Attack Pattern Encryption Brute Forcing - (20)

Attack Pattern Enumerate Mail Exchange (MX) Records - (290)

Attack Pattern Exploitation of Authorization - (122)

Attack Pattern Exploitation of Session Variables, Resource IDs and other Trusted Credentials - (21)

Attack Pattern Exploiting Incorrectly Configured Access Control Security Levels - (180)

Attack Pattern Exploiting Multiple Input Interpretation Layers - (43)

Attack Pattern Explore for predictable temporary file names - (149)

Attack Pattern External Entity Attack - (201)

Attack Pattern External Entity Attack - (221)

Attack Pattern Fake the Source of Data - (194)

Attack Pattern File Manipulation - (165)

Attack Pattern File System Function Injection, Content Based - (23)

Attack Pattern Flash File Overlay - (181)

Attack Pattern Flash Injection - (182)

Attack Pattern Flash Parameter Injection - (174)

Attack Pattern Footprinting - (169)

Attack Pattern Force the System to Reset Values - (166)

Attack Pattern Force Use of Corruped Files - (263)

Attack Pattern Forced Deadlock - (25)

Attack Pattern Forced Integer Overflow - (92)

Attack Pattern Forceful Browsing - (87)

Attack Pattern Format String Injection - (135)

Attack Pattern Fuzzing - (28)

Attack Pattern Hijacking a privileged process - (234)

Attack Pattern Hijacking a Privileged Thread of Execution - (30)

Attack Pattern Host Discovery - (292)

Attack Pattern HTTP Request Splitting - (105)

Attack Pattern Identity Spoofing (Impersonation) - (151)

Attack Pattern IMAP/SMTP Command Injection - (183)

Attack Pattern Inducing Account Lockout - (2)

Attack Pattern Infrastructure Manipulation - (161)

Attack Pattern Input Data Manipulation - (153)

Attack Pattern Integer Attacks - (128)

Attack Pattern Inter-component Protocol Manipulation - (276)

Attack Pattern LDAP Injection - (136)

Attack Pattern Leverage Executable Code in Nonexecutable Files - (35)

Attack Pattern Leveraging Race Conditions - (26)

Attack Pattern Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions - (29)

Attack Pattern Leveraging/Manipulating Configuration File Search Paths - (38)

Attack Pattern Lifting cached, sensitive data embedded in client distributions (thick or thin) - (204)

Attack Pattern Lifting credential(s)/key material embedded in client distributions (thick or thin) - (205)

Attack Pattern Lifting Data Embedded in Client Distributions - (37)

Attack Pattern Lifting Sensitive Data from the Client - (167)

Attack Pattern Lifting signing key and signing malicious code from a production environment - (206)

Attack Pattern Locate and Exploit Test APIs - (121)

Attack Pattern Log Injection-Tampering-Forging - (93)

Attack Pattern Malicious Automated Software Update - (187)

Attack Pattern Malicious Software Update - (186)

Attack Pattern Man in the Middle Attack - (94)

Attack Pattern Manipulate Application Registry Values - (203)

Attack Pattern Manipulating hidden fields to change the normal flow of transactions (eShoplifting) - (162)

Attack Pattern Manipulating Input to File System Calls - (76)

Attack Pattern Manipulating Opaque Client-based Data Tokens - (39)

Attack Pattern Manipulating User State - (74)

Attack Pattern Manipulating User-Controlled Variables - (77)

Attack Pattern Manipulating Writeable Configuration Files - (75)

Attack Pattern Mobile Phishing (aka MobPhishing) - (164)

Attack Pattern Object Relational Mapping Injection - (109)

Attack Pattern OS Command Injection - (88)

Attack Pattern Overflow Buffers - (100)

Attack Pattern Oversized Payloads Sent to XML Parsers - (231)

Attack Pattern Parameter Injection - (137)

Attack Pattern Passively Sniff and Capture Application Code Bound for Authorized Client - (65)

Attack Pattern Password Brute Forcing - (49)

Attack Pattern Password Recovery Exploitation - (50)

Attack Pattern Pharming - (89)

Attack Pattern Phishing - (98)

Attack Pattern PHP Remote File Inclusion - (193)

Attack Pattern Pointer Attack - (129)

Attack Pattern Poison Web Service Registry - (51)

Attack Pattern Port Scanning - (300)

Attack Pattern Principal Spoofing - (195)

Attack Pattern Probing an Application Through Targeting its Error Reporting - (54)

Attack Pattern Programming to included script-based APIs - (160)

Attack Pattern Protocol Reverse Engineering - (192)

Attack Pattern Rainbow Table Password Cracking - (55)

Attack Pattern Recursive Payloads Sent to XML Parsers - (230)

Attack Pattern Redirect Access to Libraries - (159)

Attack Pattern Reflection Attack in Authentication Protocol - (90)

Attack Pattern Reflection Injection - (138)

Attack Pattern Relative Path Traversal - (139)

Attack Pattern Removal of filters: Input filters, output filters, data masking - (200)

Attack Pattern Removing Important Functionality from the Client - (207)

Attack Pattern Removing/short-circuiting 'guard logic' - (56)

Attack Pattern Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements - (208)

Attack Pattern Resource Depletion through Allocation - (130)

Attack Pattern Resource Depletion through Flooding - (125)

Attack Pattern Resource Depletion through Leak - (131)

Attack Pattern Resource Location Attacks - (154)

Attack Pattern Reusing Session IDs (aka Session Replay) - (60)

Attack Pattern Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content - (190)

Attack Pattern Screen Temporary Files for Sensitive Information - (155)

Attack Pattern Server Side Include (SSI) Injection - (101)

Attack Pattern Session Credential Falsification through Forging - (196)

Attack Pattern Session Fixation - (61)

Attack Pattern Session Sidejacking - (102)

Attack Pattern Simple Script Injection - (63)

Attack Pattern Sniffing Attacks - (157)

Attack Pattern Sniffing Information Sent Over Public/multicast Networks - (158)

Attack Pattern Soap Manipulation - (279)

Attack Pattern Spear Phishing - (163)

Attack Pattern SQL Injection - (66)

Attack Pattern SQL Injection through SOAP Parameter Tampering - (110)

Attack Pattern Subversion of authorization checks: cache filtering, programmatic security, etc. - (239)

Attack Pattern Subvert Code-signing Facilities - (68)

Attack Pattern Subverting Environment Variable Values - (13)

Attack Pattern Symlink Attacks - (132)

Attack Pattern Target Programs with Elevated Privileges - (69)

Attack Pattern Try All Common Application Switches and Options - (133)

Attack Pattern URL Encoding - (72)

Attack Pattern User-Controlled Filename - (73)

Attack Pattern Variable Manipulation - (171)

Attack Pattern Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) - (82)

Attack Pattern Web Logs Tampering - (81)

Attack Pattern Web Server/Application Fingerprinting - (170)

Attack Pattern Windows ::DATA Alternate Data Stream - (168)

Attack Pattern XEE (XML Entity Expansion) - (197)

Attack Pattern XML Parser Attack - (99)

Attack Pattern XML Ping of Death - (147)

Attack Pattern XML Routing Detour Attacks - (219)

Attack Pattern XML Schema Poisoning - (146)

Page Last Updated: September 22, 2009


	CAPEC is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. Vision and Technical Leadership provided by Cigital, Inc. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation. Contact capec@mitre.org for more information.	Privacy policy Terms of use Contact us