Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
Differences between 1.3 and 1.3.1 Content
This new release includes minor improvements and refinements to existing CAPEC content as well as a few additions, primary highlights of which include: clean-up of content accuracy, clarity and consistency across a limited set of the existing content; updated and refined mapping of attack patterns to relevant entries in the Common Weakness Enumeration (CWE™) specifically targeted at adding better mapping to the CWE/SANS Top 25 list; addition of 26 newly authored attack pattern stubs consisting of an assigned CAPEC-ID number and a minimal set of pattern content (Description, Attack_Prerequisites, Typical_Severity, Resources_Required) to enable identification and discrimination of each pattern that include 17 from the existing CAPEC Attack Taxonomy as well as 9 more dealing with Software Integrity Attacks; minor modification of both the CAPEC content schema (v1.8.1) and the CAPEC taxonomy schema (v1.1.1); and, clean-up, refinement and additions to the CAPEC Attack Taxonomy including some reorganization and the addition of a new top-level entry "Analytic Attacks."
The new patterns for this version are listed below.
New attack pattern stubs:
CAPEC-184 - Software Integrity Attacks
More information is available — Please select a different filter.