Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
This page describes how vendors are using CAPEC in their products and processes. Please email email@example.com to have your product information included on this page.
NOTE: This page is for informational purposes only. Inclusion on this page does not constitute an endorsement of these vendors or products by DHS, HSSEDI, or MITRE.
IBM SecurityAssociating CAPEC attack patterns with real cyber-security incidents
For the 2018 IBM X-Force Threat Intelligence Index, the X-Force team grouped methods of attack observed in 2017 according to the CAPEC standard.
Using CAPEC helps analysts better recognize which attack patterns they most often see and then prioritize improvements to their security. Just knowing there have been a lot of distributed denial-of-service (DDoS) attacks, for example, doesn’t indicate how to best defend against them because this type of incident can occur as a consequence of different attack patterns. CAPEC associates consequences of an attack with many different known patterns of adversary behavior, providing more complete information to enhance defense coverage.
For more information see CAPEC: Making Heads or Tails of Attack Patterns.
Goal-based product security testing using CAPEC
Praetorian offers a product security testing methodology centered around the CAPEC framework.
"We use the consequences property associated with each attack pattern to identify and test the patterns that are most important to our clients. We have associated "features" to each attack pattern that highlight functionality or characteristics of a product that may indicate an increased likelihood for a particular attack pattern. These "features" are our proprietary value-added extension to the CAPEC data model. We can then tailor our security testing to prioritize the highest likelihood attack patterns and the attack patterns that contribute to a high-risk goal, while still getting coverage across the entire product. The CAPEC framework gives us a way to show our clients the most likely attack patterns based on their threat model and the features of their application, which we see as a significant improvement over most checklist-based methodologies for product security testing."
For more information see https://www.praetorian.com/product-security.
ThreatModeler leverages CAPEC within its Centralized Threat Library (CTL)
ThreatModeler utilizes CAPEC’s detailed knowledge base of threats and attack patterns in its Centralized Threat Library (CTL). Our platform gathers data from each threat available in the library and applies various security requirements so organizations can focus on the proper mitigation strategy. This organized, indexed, centralized repository of information keeps key stakeholders informed and updated on emerging threats and the status of security efforts throughout the organization.
For more information see https://www.threatmodeler.com.
More information is available — Please select a different filter.