Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
Understanding adversary behavior is increasingly important in cybersecurity. Two approaches exist for organizing knowledge about adversary behavior – CAPEC and ATT&CK, each focused on a specific set of use cases.
This page explains the similarities, differences, and relationship between CAPEC and ATT&CK and the role of each in cybersecurity.
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC is focused on application security and describes the common attributes and techniques employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. (e.g., SQL Injection, XSS, Session Fixation, Clickjacking)
Adversarial Tactics, Techniques & Common Knowledge (ATT&CK)
ATT&CK is focused on network defense and describes the operational phases in an adversary’s lifecycle, pre and post-exploit (e.g., Persistence, Lateral Movement, Exfiltration), and details the specific tactics, techniques, and procedures (TTPs) that advanced persistent threats (APT) use to execute their objectives while targeting, compromising, and operating inside a network.
How they are related ...
Many attack patterns enumerated by CAPEC are employed by adversaries through specific techniques described by ATT&CK. This enables contextual understanding of the attack patterns within an adversary’s operational lifecycle. CAPEC attack patterns and related ATT&CK techniques are cross referenced when appropriate between the two efforts.
When to use ...
Use CAPEC for:
Use ATT&CK for:
More information is available — Please select a different filter.