Differences between 1.5 and 1.6 Content

Summary
Total (1.6): 460
Total (1.5): 384
Attack Patterns
  New Patterns Added: 75
  Patterns Deprecated: 1
Categories
  New Categories Added: 1
CAPEC -> CWE Mappings
  CAPEC -> CWE Mappings Added: 33
CAPEC -> CAPEC Mappings
  CAPEC -> CAPEC Mappings Added: 1

Summary of Entry Types

Type              1.5   1.6
Views             6     6
Categories        67    68
Attack Patterns   311   386
Deprecated        1     2

Attack Pattern Changes
New Patterns Added
CAPEC-383 Harvesting Usernames or UserIDs via Application API Event Monitoring
CAPEC-384 Application API Message Manipulation via Man-in-the-Middle
CAPEC-385 Transaction or Event Tampering via Application API Manipulation
CAPEC-386 Application API Navigation Remapping
CAPEC-387 Navigation Remapping To Propagate Malicious Content
CAPEC-388 Application API Button Hijacking
CAPEC-389 Content Spoofing Via Application API Manipulation
CAPEC-390 Bypassing Physical Security of Systems or Facilities
CAPEC-391 Bypassing Physical Locks
CAPEC-392 Lock Bumping
CAPEC-393 Lock Picking
CAPEC-394 Using a Snap Gun Lock to Force a Lock
CAPEC-395 Bypassing Electronic Locks and Access Controls
CAPEC-396 Bypassing Card or Badge-Based Systems
CAPEC-397 Cloning Magnetic Strip Cards
CAPEC-398 Magnetic Strip Card Brute Force Attacks
CAPEC-399 Cloning RFID Cards or Chips
CAPEC-400 RFID Chip Deactivation or Destruction
CAPEC-401 Hacking Hardware Devices or Components
CAPEC-402 Bypassing ATA Password Security
CAPEC-403 Social Engineering Attacks
CAPEC-404 Social Information Gathering Attacks
CAPEC-405 Social Information Gathering via Research
CAPEC-406 Social Information Gathering via Dumpster Diving
CAPEC-407 Social Information Gathering via Pretexting
CAPEC-408 Information Gathering from Traditional Sources
CAPEC-409 Information Gathering from Non-Traditional Sources
CAPEC-410 Information Elicitation via Social Engineering
CAPEC-411 Pretexting
CAPEC-412 Pretexting via Customer Service
CAPEC-413 Pretexting via Tech Support
CAPEC-414 Pretexting via Delivery Person
CAPEC-415 Pretexting via Phone
CAPEC-416 Target Influence via Social Engineering
CAPEC-417 Target Influence via Perception of Reciprocation
CAPEC-418 Target Influence via Perception of Obligation
CAPEC-419 Target Influence via Perception of Concession
CAPEC-420 Target Influence via Perception of Scarcity
CAPEC-421 Target Influence via Perception of Authority
CAPEC-422 Target Influence via Perception of Commitment and Consistency
CAPEC-423 Target Influence via Perception of Liking
CAPEC-424 Target Influence via Perception of Consensus or Social Proof
CAPEC-425 Target Influence via Framing
CAPEC-426 Target Influence via Manipulation of Incentives
CAPEC-427 Target Influence via Psychological Principles
CAPEC-428 Target Influence via Modes of Thinking
CAPEC-429 Target Influence via Eye Cues
CAPEC-430 Target Influence via Micro-Expressions
CAPEC-431 Target Influence via Neuro-Linguistic Programming (NLP)
CAPEC-432 Target Influence via Voice in NLP
CAPEC-433 Target Influence via The Human Buffer Overflow
CAPEC-434 Target Influence via Interview and Interrogation
CAPEC-435 Target Influence via Instant Rapport
CAPEC-437 Supply Chain Attacks
CAPEC-438 Integrity Modification/Manipulation During Manufacture
CAPEC-439 Integrity Modification during Distribution
CAPEC-440 Integrity Modification During Deployed Use
CAPEC-441 Malicious Logic Inserted Into Product
CAPEC-442 Malicious Logic Inserted Into Product Software
CAPEC-443 Malicious Logic Inserted Into Product Software by Authorized Developer
CAPEC-444 Malicious Logic Insertion into Product Software via Externally Manipulated Component
CAPEC-445 Malicious Logic Insertion into Product Software via Configuration Management Manipulation
CAPEC-446 Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency
CAPEC-447 Malicious Logic Insertion into Product Software during Update
CAPEC-448 Malware Infection into Product Software
CAPEC-449 Malware Propagation via USB Stick
CAPEC-450 Malware Propagation via USB U3 Autorun
CAPEC-451 Malware Propagation via Infected Peripheral Device
CAPEC-452 Malicious Logic Insertion into Product Hardware
CAPEC-453 Malicious Logic Insertion via Counterfeit Hardware
CAPEC-454 Modification of Existing Components with Counterfeit Hardware
CAPEC-455 Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components
CAPEC-456 Malicious Logic Insertion into Product Memory
CAPEC-457 USB Memory Attacks
CAPEC-458 Flash Memory Attacks

Existing Patterns Modified with Enhanced Material

Patterns Deprecated
CAPEC-411 Pretexting

Category Changes
New Categories Added
CAPEC-436 Physical Security Attacks

Existing Categories Modified with Enhanced Material

Categories Deprecated

View Changes
Views Added

Existing Views Modified with Enhanced Material

Views Deprecated

Mapping Changes
CAPEC --> CWE Mappings Added
CAPEC-383 Harvesting Usernames or UserIDs via Application API Event Monitoring
  --> CWE-311 Missing Encryption of Sensitive Data
  --> CWE-319 Cleartext Transmission of Sensitive Information
  --> CWE-419 Unprotected Primary Channel
  --> CWE-602 Client-Side Enforcement of Server-Side Security
CAPEC-384 Application API Message Manipulation via Man-in-the-Middle
  --> CWE-311 Missing Encryption of Sensitive Data
  --> CWE-345 Insufficient Verification of Data Authenticity
  --> CWE-346 Origin Validation Error
  --> CWE-471 Modification of Assumed-Immutable Data (MAID)
  --> CWE-602 Client-Side Enforcement of Server-Side Security
CAPEC-385 Transaction or Event Tampering via Application API Manipulation
  --> CWE-311 Missing Encryption of Sensitive Data
  --> CWE-345 Insufficient Verification of Data Authenticity
  --> CWE-346 Origin Validation Error
  --> CWE-471 Modification of Assumed-Immutable Data (MAID)
  --> CWE-602 Client-Side Enforcement of Server-Side Security
CAPEC-386 Application API Navigation Remapping
  --> CWE-311 Missing Encryption of Sensitive Data
  --> CWE-345 Insufficient Verification of Data Authenticity
  --> CWE-346 Origin Validation Error
  --> CWE-471 Modification of Assumed-Immutable Data (MAID)
  --> CWE-602 Client-Side Enforcement of Server-Side Security
CAPEC-387 Navigation Remapping To Propagate Malicious Content
  --> CWE-311 Missing Encryption of Sensitive Data
  --> CWE-345 Insufficient Verification of Data Authenticity
  --> CWE-346 Origin Validation Error
  --> CWE-471 Modification of Assumed-Immutable Data (MAID)
  --> CWE-602 Client-Side Enforcement of Server-Side Security
CAPEC-388 Application API Button Hijacking
  --> CWE-311 Missing Encryption of Sensitive Data
  --> CWE-345 Insufficient Verification of Data Authenticity
  --> CWE-346 Origin Validation Error
  --> CWE-471 Modification of Assumed-Immutable Data (MAID)
  --> CWE-602 Client-Side Enforcement of Server-Side Security
CAPEC-389 Content Spoofing Via Application API Manipulation
  --> CWE-311 Missing Encryption of Sensitive Data
  --> CWE-345 Insufficient Verification of Data Authenticity
  --> CWE-346 Origin Validation Error
  --> CWE-602 Client-Side Enforcement of Server-Side Security

CAPEC --> CWE Mappings Removed

CAPEC --> CAPEC Mappings Added
CAPEC-436 Physical Security Attacks
  MemberOf --> CAPEC-1000 Mechanism of Attack

CAPEC --> CAPEC Mappings Removed

Page Last Updated or Reviewed: October 28, 2016