New to CAPEC? Start Here
Home > About CAPEC  



The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

"Attack Patterns" are descriptions of the common attributes and approaches employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. Attack patterns define the challenges that an adversary may face and how they go about solving it. They derive from the concept of design patterns applied in a destructive rather than constructive context and are generated from in-depth analysis of specific real-world exploit examples.

Each attack pattern captures knowledge about how specific parts of an attack are designed and executed, and gives guidance on ways to mitigate the attack's effectiveness. Attack patterns help those developing applications, or administrating cyber-enabled capabilities to better understand the specific elements of an attack and how to stop them from succeeding.

Some Well-Known Attack Patterns:


CAPEC was established by the U.S. Department of Homeland Security as part of the Software Assurance (SwA) strategic initiative of the Office of Cybersecurity and Communications (CS&C). Initially released in 2007, the CAPEC List continues to evolve with public participation and contributions to form a standard mechanism for identifying, collecting, refining, and sharing attack patterns among the cybersecurity community.


Attack patterns captured in such a formalized way can bring considerable value to the development and maintenance of cyber-enabled capabilities, including:

  • Training – Educate software developers, testers, buyers, and managers.
  • Requirements – Define potential threats.
  • Design – Provide context for architectural risk analysis.
  • Implementation – Prioritize review activities.
  • Verification – Guide appropriate penetration testing.
  • Release – Understand trends and attacks to monitor.
  • Response – Leverage lessons learned into preventative guidance.

Of course, attack patterns are not the only useful tool for building secure cyber-enabled capabilities. Many other tools, such as misuse/abuse cases, security requirements, threat models, knowledge of common weaknesses and vulnerabilities, and attack trees, can help. Attack patterns play a unique role amid this larger architecture of security knowledge and techniques.


To discuss the CAPEC effort in general or the impacts and opportunities noted above, please send an email to the CAPEC Community Discussion List, or email us directly at

More information is available — Please select a different filter.
Page Last Updated or Reviewed: April 04, 2019