New to CAPEC? Start Here
Home > CAPEC List > Reports > Differences between 1.5 and 1.6 Content  

Differences between 1.5 and 1.6 Content

Summary
Summary
Total (1.6)460
Total (1.5)384
Attack Patterns
New Patterns Added75
Patterns Deprecated1
Categories
New Categories Added1
CAPEC -> CWE Mappings
CAPEC -> CWE Mappings Added33
CAPEC -> CAPEC Mappings
CAPEC -> CAPEC Mappings Added1

Summary of Entry Types

Type1.51.6
Views66
Categories6768
Attack Patterns311386
Deprecated12

Back to top
Attack Pattern Changes
Attack Pattern Changes
New Patterns Added
CAPEC-383Harvesting Usernames or UserIDs via Application API Event Monitoring
CAPEC-384Application API Message Manipulation via Man-in-the-Middle
CAPEC-385Transaction or Event Tampering via Application API Manipulation
CAPEC-386Application API Navigation Remapping
CAPEC-387Navigation Remapping To Propagate Malicoius Content
CAPEC-388Application API Button Hijacking
CAPEC-389Content Spoofing Via Application API Manipulation
CAPEC-390Bypassing Physical Security of Systems or Facilities
CAPEC-391Bypassing Physical Locks
CAPEC-392Lock Bumping
CAPEC-393Lock Picking
CAPEC-394Using a Snap Gun Lock to Force a Lock
CAPEC-395Bypassing Electronic Locks and Access Controls
CAPEC-396Bypassing Card or Badge-Based Systems
CAPEC-397Cloning Magnetic Strip Cards
CAPEC-398Magnetic Strip Card Brute Force Attacks
CAPEC-399Cloning RFID Cards or Chips
CAPEC-400RFID Chip Deactivation or Destruction
CAPEC-401Hacking Hardware Devices or Components
CAPEC-402Bypassing ATA Password Security
CAPEC-403Social Engineering Attacks
CAPEC-404Social Information Gathering Attacks
CAPEC-405Social Information Gathering via Research
CAPEC-406Social Information Gathering via Dumpster Diving
CAPEC-407Social Information Gathering via Pretexting
CAPEC-408Information Gathering from Traditional Sources
CAPEC-409Information Gathering from Non-Traditional Sources
CAPEC-410Information Elicitation via Social Engineering
CAPEC-411Pretexting
CAPEC-412Pretexting via Customer Service
CAPEC-413Pretexting via Tech Support
CAPEC-414Pretexting via Delivery Person
CAPEC-415Pretexting via Phone
CAPEC-416Target Influence via Social Engineering
CAPEC-417Target Influence via Perception of Reciprocation
CAPEC-418Target Influence via Perception of Obligation
CAPEC-419Target Influence via Perception of Concession
CAPEC-420Target Influence via Perception of Scarcity
CAPEC-421Target Influence via Perception of Authority
CAPEC-422Target Influence via Perception of Commitment and Consistency
CAPEC-423Target Influence via Perception of Liking
CAPEC-424Target Influence via Perception of Consensus or Social Proof
CAPEC-425Target Influence via Framing
CAPEC-426Target Influence via Manipulation of Incentives
CAPEC-427Target Influence via Psychological Principles
CAPEC-428Target Influence via Modes of Thinking
CAPEC-429Target Influence via Eye Cues
CAPEC-430Target Influence via Micro-Expressions
CAPEC-431Target Influence via Neuro-Linguistic Programming (NLP)
CAPEC-432Target Influence via Voice in NLP
CAPEC-433Target Influence via The Human Buffer Overflow
CAPEC-434Target Influence via Interview and Interrogation
CAPEC-435Target Influence via Instant Rapport
CAPEC-437Supply Chain Attacks
CAPEC-438Integrity Modification/Manipulation During Manufacture
CAPEC-439Integrity Modification during Distribution
CAPEC-440Integrity Modification During Deployed Use
CAPEC-441Malicious Logic Inserted Into Product
CAPEC-442Malicious Logic Inserted Into Product Software
CAPEC-443Malicious Logic Inserted Into Product Software by Authorized Developer
CAPEC-444Malicious Logic Insertion into Product Software via Externally Manipulated Component
CAPEC-445Malicious Logic Insertion into Product Software via Configuration Management Manipulation
CAPEC-446Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency
CAPEC-447Malicious Logic Insertion into Product Software during Update
CAPEC-448Malware Infection into Product Software
CAPEC-449Malware Propagation via USB Stick
CAPEC-450Malware Propagation via USB U3 Autorun
CAPEC-451Malware Propagation via Infected Peripheral Device
CAPEC-452Malicious Logic Insertion into Product Hardware
CAPEC-453Malicious Logic Insertion via Counterfeit Hardware
CAPEC-454Modification of Existing Components with Counterfeit Hardware
CAPEC-455Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components
CAPEC-456Malicious Logic Insertion into Product Memory
CAPEC-457USB Memory Attacks
CAPEC-458Flash Memory Attacks

Existing Patterns Modified with Enhanced Material

Patterns Deprecated
CAPEC-411Pretexting
Back to top
Category Changes
Category Changes
New Categories Added
CAPEC-436Physical Security Attacks

Existing Categories Modified with Enhanced Material

Categories Deprecated
Back to top
View Changes
View Changes
Views Added

Existing Views Modified with Enhanced Material

Views Deprecated
Back to top
Mapping Changes
Mapping Changes
CAPEC --> CWE Mappings Added
CAPEC-383 Harvesting Usernames or UserIDs via Application API Event Monitoring
  -->CWE-311Missing Encryption of Sensitive Data
  -->CWE-319Cleartext Transmission of Sensitive Information
  -->CWE-419Unprotected Primary Channel
  -->CWE-602Client-Side Enforcement of Server-Side Security
CAPEC-384 Application API Message Manipulation via Man-in-the-Middle
  -->CWE-311Missing Encryption of Sensitive Data
  -->CWE-345Insufficient Verification of Data Authenticity
  -->CWE-346Origin Validation Error
  -->CWE-471Modification of Assumed-Immutable Data (MAID)
  -->CWE-602Client-Side Enforcement of Server-Side Security
CAPEC-385 Transaction or Event Tampering via Application API Manipulation
  -->CWE-311Missing Encryption of Sensitive Data
  -->CWE-345Insufficient Verification of Data Authenticity
  -->CWE-346Origin Validation Error
  -->CWE-471Modification of Assumed-Immutable Data (MAID)
  -->CWE-602Client-Side Enforcement of Server-Side Security
CAPEC-386 Application API Navigation Remapping
  -->CWE-311Missing Encryption of Sensitive Data
  -->CWE-345Insufficient Verification of Data Authenticity
  -->CWE-346Origin Validation Error
  -->CWE-471Modification of Assumed-Immutable Data (MAID)
  -->CWE-602Client-Side Enforcement of Server-Side Security
CAPEC-387 Navigation Remapping To Propagate Malicoius Content
  -->CWE-311Missing Encryption of Sensitive Data
  -->CWE-345Insufficient Verification of Data Authenticity
  -->CWE-346Origin Validation Error
  -->CWE-471Modification of Assumed-Immutable Data (MAID)
  -->CWE-602Client-Side Enforcement of Server-Side Security
CAPEC-388 Application API Button Hijacking
  -->CWE-311Missing Encryption of Sensitive Data
  -->CWE-345Insufficient Verification of Data Authenticity
  -->CWE-346Origin Validation Error
  -->CWE-471Modification of Assumed-Immutable Data (MAID)
  -->CWE-602Client-Side Enforcement of Server-Side Security
CAPEC-389 Content Spoofing Via Application API Manipulation
  -->CWE-311Missing Encryption of Sensitive Data
  -->CWE-345Insufficient Verification of Data Authenticity
  -->CWE-346Origin Validation Error
  -->CWE-602Client-Side Enforcement of Server-Side Security

CAPEC --> CWE Mappings Removed

CAPEC --> CAPEC Mappings Added
CAPEC-436 Physical Security Attacks
MemberOf   -->CAPEC-1000Mechanism of Attack

CAPEC --> CAPEC Mappings Removed
Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: October 28, 2016
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. Copyright © 2007–2025, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.